CVE-2008-0668
gnumeric
EPSS 7.5%
Description
The excel_read_HLINK function in plugins/excel/ms-excel-read.c in Gnome Office Gnumeric before 1.8.1 allows user-assisted remote attackers to execute arbitrary code via a crafted XLS file containing XLS HLINK opcodes, possibly because of an integer signedness error that leads to an integer overflow. NOTE: some of these details are obtained from third party information.
How to fix CVE-2008-0668
To remediate CVE-2008-0668, upgrade the affected package to a fixed version below.
- Debian/gnumeric—upgrade to 1.8.1-1 or later
- Debian/gnumeric—upgrade to 1.6.3-5.1+etch1 or later
Is CVE-2008-0668 being exploited?
Moderate — EPSS is 7.5%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (2)
- from 0, < 1.8.1-1
- from 0, < 1.6.3-5.1+etch1