CVE-2021-27836 — Vulnetix

CVE-2021-27836 PUBLISHED CVSS 6.5 MEDIUM

An issue was discoverered in in function xls_getWorkSheet in xls.c in libxls 1.6.2, allows attackers to cause a denial of service, via a crafted XLS file.

EPSS 0.42% · 62.4th percentile

Risk Scores

CVSS 3.1

6.5

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

EPSS Score

0.42%

62.4th percentile

Affected Products

Vendor	Product	Versions
fedoraproject	fedora	33, 34, 35
n/a	n/a	*
libxls_project	libxls	1.6.2

Exploit Intelligence

https://github.com/libxls/libxls/issues/94 (circl)
FEDORA-2021-785cdbddf9 (circl)
FEDORA-2021-033a5fe9e5 (circl)
FEDORA-2021-25e89d9374 (circl)

Timeline

Nov 3, 2021 CVE Published
Nov 4, 2021 EPSS Score
Nov 24, 2021 EPSS Score
Dec 30, 2021 EPSS Score
Feb 4, 2022 EPSS Score
Feb 24, 2022 EPSS Score
Apr 1, 2022 EPSS Score
Apr 20, 2022 EPSS Score
Jun 15, 2022 EPSS Score
Aug 11, 2022 EPSS Score
Nov 30, 2022 EPSS Score
Jan 25, 2023 EPSS Score

References

https://github.com/libxls/libxls/issues/94 url
FEDORA-2021-785cdbddf9 vendor-advisory
FEDORA-2021-033a5fe9e5 vendor-advisory
FEDORA-2021-25e89d9374 vendor-advisory
https://nvd.nist.gov/vuln/detail/CVE-2021-27836 advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5D7XXCVFYRRMI4ENXYSD3MZEBS6SMI7E url
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SFOE4Z6T46LA47VXWUVET4ELXRZQ3BWB url
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y6XOTFEOCHYKZAFCB6H3KNIIFJ3UFV7V url

Open in Interactive Console →