GNOME Bugzilla – Bug 702101
Gnumeric segfaults in colrow_foreach on a corrupted (fuzzed) xls file
Last modified: 2013-06-16 18:48:43 UTC
Gnumeric segfaults in colrow_foreach on a corrupted (fuzzed) xls file.

Versions affected (at least): git 20130612 and 1.12.2

Test case: http://jutaky.com/fuzzing/gnumeric_case_19972_6578.xls

Backtrace:

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff78b5d6f in colrow_foreach (infos=0x850068, first=0, last=43516, callback=0x7ffff79734c0 <cb_check_array_horizontal>, user_data=0x7fffffffe040) at colrow.c:217
217         iter.cri = segment->info[sub];
(gdb) bt
Trace 232038
-- Juha Kylmänen Research Assistant, OUSPG
Yeah, that's bad.
This problem has been fixed in our software repository. The fix will go into the next software release. Thank you for your bug report.
This issue has been assigned CVE-id CVE-2013-4605.