Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200509-02] Gnumeric: Heap overflow in the included PCRE library Vulnerability Scan
Vulnerability Scan Summary
Gnumeric: Heap overflow in the included PCRE library
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200509-02
(Gnumeric: Heap overflow in the included PCRE library)
Gnumeric contains a private copy of libpcre which is subject to an
integer overflow leading to a heap overflow (see GLSA 200508-17).
A possible hacker could potentially exploit this vulnerability by
tricking a user into opening a specially crafted spreadsheet, which
could lead to the execution of arbitrary code with the rights of
the user running Gnumeric.
There is no known workaround at this time.
All Gnumeric users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-office/gnumeric-1.4.3-r2"
Threat Level: Medium
Click HERE for more information and discussions on this network vulnerability scan.