CVE-2017-2919 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2919): An exploitable stack based buffer overflow vulnerability exists in the xls_getfcell function of libxls 1.3.4. A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send malicious XLS file to trigger this vulnerability.
CVE-2017-2897 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2897): An exploitable out-of-bounds write vulnerability exists in the read_MSAT function of libxls 1.4. A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send malicious XLS file to trigger this vulnerability.
CVE-2017-2896 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2896): An exploitable out-of-bounds write vulnerability exists in the xls_mergedCells function of libxls 1.4. A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send malicious XLS file to trigger this vulnerability.
CVE-2017-12111 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12111): An exploitable out-of-bounds vulnerability exists in the xls_addCell function of libxls 1.4. A specially crafted XLS file with a formula record can cause memory corruption resulting in remote code execution. An attacker can send a malicious XLS file to trigger this vulnerability.
CVE-2017-12110 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12110): An exploitable integer overflow vulnerability exists in the xls_appendSST function of libxls 1.4. A specially crafted XLS file can cause memory corruption resulting in remote code execution.
@Maintainer please call for stabilization when ready. Thank you
Tree is clean, fixed in 1.5.0. First fixed version in tree is 1.5.2.
This issue was resolved and addressed in GLSA 202003-64 at https://security.gentoo.org/glsa/202003-64 by GLSA coordinator Thomas Deutschmann (whissi).