{"url":"http://public2.vulnerablecode.io/api/packages/515606?format=json","purl":"pkg:deb/debian/r-cran-readxl@0.1.1-1~bpo8%2B1","type":"deb","namespace":"debian","name":"r-cran-readxl","version":"0.1.1-1~bpo8+1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"1.3.0-1","latest_non_vulnerable_version":"1.3.0-1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99662?format=json","vulnerability_id":"VCID-22k4-dfxh-qyhj","summary":"An exploitable stack based buffer overflow vulnerability exists in the xls_getfcell function of libxls 1.3.4. A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send malicious XLS file to trigger this vulnerability","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-2919","reference_id":"","reference_type":"","scores":[{"value":"0.01299","scoring_system":"epss","scoring_elements":"0.80058","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01299","scoring_system":"epss","scoring_elements":"0.80084","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01299","scoring_system":"epss","scoring_elements":"0.80088","published_at":"2026-06-06T12:55:00Z"},{"value":"0.01299","scoring_system":"epss","scoring_elements":"0.80083","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01299","scoring_system":"epss","scoring_elements":"0.80074","published_at":"2026-06-08T12:55:00Z"},{"value":"0.01299","scoring_system":"epss","scoring_elements":"0.80094","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-2919"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12108","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12108"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12109","reference_id":"","reference_type":"","scores":[],"url":"https://cve.m
itre.org/cgi-bin/cvename.cgi?name=CVE-2017-12109"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12110","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12110"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12111","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12111"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2896","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2896"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2897","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2897"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2919","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2919"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=895564","reference_id":"895564","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=895564"},{"reference_url":"https://security.gentoo.org/glsa/202003-64","reference_id":"GLSA-202003-64","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202003-64"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/515607?format=json","purl":"pkg:deb/debian/r-cran-readxl@0.1.1-1%2Bdeb9u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-22k4-dfxh-qyhj"},{"vulnerability":"VCID-2bkf-5krj-2ud3"},{"vulnerability":"VCID-7eju-u9jd-43hv"},{"vulnerability":"VCID-az9y-8fu6-6ffj"},{"vulnerability":"VCID-chwn-pvp9-zqg2"},{"vulnerability":"VCID-efsq-r7cc-57e4"},{"vulnerability":"VCID-fw5f-drnj-z7bc"},{"vulnerability":"VCID-j94e-45vx-v7ba"},{"vulnerability":"VCID-x8k1-137p-1bg6"}],"resourc
e_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/r-cran-readxl@0.1.1-1%252Bdeb9u2"},{"url":"http://public2.vulnerablecode.io/api/packages/517078?format=json","purl":"pkg:deb/debian/r-cran-readxl@1.3.0-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/r-cran-readxl@1.3.0-1"}],"aliases":["CVE-2017-2919"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-22k4-dfxh-qyhj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99656?format=json","vulnerability_id":"VCID-2bkf-5krj-2ud3","summary":"An exploitable integer overflow vulnerability exists in the xls_preparseWorkSheet function of libxls 1.4 when handling a MULRK record. A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send malicious XLS file to trigger this vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-12109","reference_id":"","reference_type":"","scores":[{"value":"0.01096","scoring_system":"epss","scoring_elements":"0.78341","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01096","scoring_system":"epss","scoring_elements":"0.78367","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01096","scoring_system":"epss","scoring_elements":"0.78375","published_at":"2026-06-06T12:55:00Z"},{"value":"0.01096","scoring_system":"epss","scoring_elements":"0.78366","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01096","scoring_system":"epss","scoring_elements":"0.78353","published_at":"2026-06-08T12:55:00Z"},{"value":"0.01096","scoring_system":"epss","scoring_elements":"0.78371","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-12109"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12108","reference_id":"","reference_type":"","scores":[],"url":"https://
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12108"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12109","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12109"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12110","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12110"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12111","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12111"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2896","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2896"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2897","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2897"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2919","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2919"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/515607?format=json","purl":"pkg:deb/debian/r-cran-readxl@0.1.1-1%2Bdeb9u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-22k4-dfxh-qyhj"},{"vulnerability":"VCID-2bkf-5krj-2ud3"},{"vulnerability":"VCID-7eju-u9jd-43hv"},{"vulnerability":"VCID-az9y-8fu6-6ffj"},{"vulnerability":"VCID-chwn-pvp9-zqg2"},{"vulnerability":"VCID-efsq-r7cc-57e4"},{"vulnerability":"VCID-fw5f-drnj-z7bc"},{"vulnerability":"VCID-j94e-45vx-v7ba"},{"vulnerability":"VCID-x8k1-137p-1bg6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/r-cran-readxl@0.1.1-1%252Bdeb9u2"},{"url":"http://public2.vulnerablecode.io/api/packages/517078?format=j
son","purl":"pkg:deb/debian/r-cran-readxl@1.3.0-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/r-cran-readxl@1.3.0-1"}],"aliases":["CVE-2017-12109"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2bkf-5krj-2ud3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99657?format=json","vulnerability_id":"VCID-7eju-u9jd-43hv","summary":"An exploitable integer overflow vulnerability exists in the xls_appendSST function of libxls 1.4. A specially crafted XLS file can cause memory corruption resulting in remote code execution.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-12110","reference_id":"","reference_type":"","scores":[{"value":"0.00658","scoring_system":"epss","scoring_elements":"0.71443","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00658","scoring_system":"epss","scoring_elements":"0.71487","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00658","scoring_system":"epss","scoring_elements":"0.71493","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00658","scoring_system":"epss","scoring_elements":"0.71469","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00658","scoring_system":"epss","scoring_elements":"0.71453","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00658","scoring_system":"epss","scoring_elements":"0.71477","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-12110"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12108","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12108"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12109","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12109"},{"reference_url":"htt
ps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12110","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12110"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12111","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12111"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2896","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2896"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2897","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2897"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2919","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2919"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=895564","reference_id":"895564","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=895564"},{"reference_url":"https://security.gentoo.org/glsa/202003-64","reference_id":"GLSA-202003-64","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202003-64"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/515607?format=json","purl":"pkg:deb/debian/r-cran-readxl@0.1.1-1%2Bdeb9u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-22k4-dfxh-qyhj"},{"vulnerability":"VCID-2bkf-5krj-2ud3"},{"vulnerability":"VCID-7eju-u9jd-43hv"},{"vulnerability":"VCID-az9y-8fu6-6ffj"},{"vulnerability":"VCID-chwn-pvp9-zqg2"},{"vulnerability":"VCID-efsq-r7cc-57e4"},{"vulnerability":"VCID-fw5f-drnj-z7bc"},{"vulnerability":"VCID-j94e-45vx-v7ba"},{"vulnerability":"VCID-x8k1-137p-1bg6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/r-cran-
readxl@0.1.1-1%252Bdeb9u2"},{"url":"http://public2.vulnerablecode.io/api/packages/517078?format=json","purl":"pkg:deb/debian/r-cran-readxl@1.3.0-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/r-cran-readxl@1.3.0-1"}],"aliases":["CVE-2017-12110"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7eju-u9jd-43hv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99664?format=json","vulnerability_id":"VCID-az9y-8fu6-6ffj","summary":"The read_MSAT_body function in ole.c in libxls 1.4.0 has an invalid free that allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, because of inconsistent memory management (new versus free) in ole2_read_header in ole.c.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-20452","reference_id":"","reference_type":"","scores":[{"value":"0.00402","scoring_system":"epss","scoring_elements":"0.61117","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00402","scoring_system":"epss","scoring_elements":"0.61165","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00402","scoring_system":"epss","scoring_elements":"0.61173","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00402","scoring_system":"epss","scoring_elements":"0.6116","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00402","scoring_system":"epss","scoring_elements":"0.61142","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00402","scoring_system":"epss","scoring_elements":"0.61162","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-20452"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20452","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20452"},{"reference_url":"htt
ps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=919324","reference_id":"919324","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=919324"},{"reference_url":"https://security.gentoo.org/glsa/202003-64","reference_id":"GLSA-202003-64","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202003-64"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/517078?format=json","purl":"pkg:deb/debian/r-cran-readxl@1.3.0-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/r-cran-readxl@1.3.0-1"}],"aliases":["CVE-2018-20452"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-az9y-8fu6-6ffj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99655?format=json","vulnerability_id":"VCID-chwn-pvp9-zqg2","summary":"An exploitable integer overflow vulnerability exists in the xls_preparseWorkSheet function of libxls 1.4 when handling a MULBLANK record. A specially crafted XLS file can cause a memory corruption resulting in remote code execution. 
An attacker can send malicious XLS file to trigger this vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-12108","reference_id":"","reference_type":"","scores":[{"value":"0.01096","scoring_system":"epss","scoring_elements":"0.78341","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01096","scoring_system":"epss","scoring_elements":"0.78367","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01096","scoring_system":"epss","scoring_elements":"0.78375","published_at":"2026-06-06T12:55:00Z"},{"value":"0.01096","scoring_system":"epss","scoring_elements":"0.78366","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01096","scoring_system":"epss","scoring_elements":"0.78353","published_at":"2026-06-08T12:55:00Z"},{"value":"0.01096","scoring_system":"epss","scoring_elements":"0.78371","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-12108"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12108","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12108"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12109","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12109"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12110","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12110"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12111","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12111"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2896","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2896"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename
.cgi?name=CVE-2017-2897","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2897"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2919","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2919"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/515607?format=json","purl":"pkg:deb/debian/r-cran-readxl@0.1.1-1%2Bdeb9u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-22k4-dfxh-qyhj"},{"vulnerability":"VCID-2bkf-5krj-2ud3"},{"vulnerability":"VCID-7eju-u9jd-43hv"},{"vulnerability":"VCID-az9y-8fu6-6ffj"},{"vulnerability":"VCID-chwn-pvp9-zqg2"},{"vulnerability":"VCID-efsq-r7cc-57e4"},{"vulnerability":"VCID-fw5f-drnj-z7bc"},{"vulnerability":"VCID-j94e-45vx-v7ba"},{"vulnerability":"VCID-x8k1-137p-1bg6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/r-cran-readxl@0.1.1-1%252Bdeb9u2"},{"url":"http://public2.vulnerablecode.io/api/packages/517078?format=json","purl":"pkg:deb/debian/r-cran-readxl@1.3.0-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/r-cran-readxl@1.3.0-1"}],"aliases":["CVE-2017-12108"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-chwn-pvp9-zqg2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99658?format=json","vulnerability_id":"VCID-efsq-r7cc-57e4","summary":"An exploitable out-of-bounds vulnerability exists in the xls_addCell function of libxls 1.4. A specially crafted XLS file with a formula record can cause memory corruption resulting in remote code execution. 
An attacker can send a malicious XLS file to trigger this vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-12111","reference_id":"","reference_type":"","scores":[{"value":"0.00658","scoring_system":"epss","scoring_elements":"0.71443","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00658","scoring_system":"epss","scoring_elements":"0.71487","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00658","scoring_system":"epss","scoring_elements":"0.71493","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00658","scoring_system":"epss","scoring_elements":"0.71469","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00658","scoring_system":"epss","scoring_elements":"0.71453","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00658","scoring_system":"epss","scoring_elements":"0.71477","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-12111"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12108","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12108"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12109","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12109"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12110","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12110"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12111","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12111"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2896","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2896"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvena
me.cgi?name=CVE-2017-2897","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2897"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2919","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2919"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=895564","reference_id":"895564","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=895564"},{"reference_url":"https://security.gentoo.org/glsa/202003-64","reference_id":"GLSA-202003-64","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202003-64"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/515607?format=json","purl":"pkg:deb/debian/r-cran-readxl@0.1.1-1%2Bdeb9u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-22k4-dfxh-qyhj"},{"vulnerability":"VCID-2bkf-5krj-2ud3"},{"vulnerability":"VCID-7eju-u9jd-43hv"},{"vulnerability":"VCID-az9y-8fu6-6ffj"},{"vulnerability":"VCID-chwn-pvp9-zqg2"},{"vulnerability":"VCID-efsq-r7cc-57e4"},{"vulnerability":"VCID-fw5f-drnj-z7bc"},{"vulnerability":"VCID-j94e-45vx-v7ba"},{"vulnerability":"VCID-x8k1-137p-1bg6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/r-cran-readxl@0.1.1-1%252Bdeb9u2"},{"url":"http://public2.vulnerablecode.io/api/packages/517078?format=json","purl":"pkg:deb/debian/r-cran-readxl@1.3.0-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/r-cran-readxl@1.3.0-1"}],"aliases":["CVE-2017-12111"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-efsq-r7cc-57e4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99659?format=json","vulnerability_id":"VCID-fw5f-drnj-z7bc","summary":"An exploitable 
out-of-bounds write vulnerability exists in the xls_mergedCells function of libxls 1.4. A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send malicious XLS file to trigger this vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-2896","reference_id":"","reference_type":"","scores":[{"value":"0.00559","scoring_system":"epss","scoring_elements":"0.68603","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00559","scoring_system":"epss","scoring_elements":"0.68644","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00559","scoring_system":"epss","scoring_elements":"0.68651","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00559","scoring_system":"epss","scoring_elements":"0.68629","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00559","scoring_system":"epss","scoring_elements":"0.68646","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-2896"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12108","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12108"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12109","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12109"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12110","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12110"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12111","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12111"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2896","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name
=CVE-2017-2896"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2897","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2897"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2919","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2919"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=895564","reference_id":"895564","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=895564"},{"reference_url":"https://security.gentoo.org/glsa/202003-64","reference_id":"GLSA-202003-64","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202003-64"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/515607?format=json","purl":"pkg:deb/debian/r-cran-readxl@0.1.1-1%2Bdeb9u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-22k4-dfxh-qyhj"},{"vulnerability":"VCID-2bkf-5krj-2ud3"},{"vulnerability":"VCID-7eju-u9jd-43hv"},{"vulnerability":"VCID-az9y-8fu6-6ffj"},{"vulnerability":"VCID-chwn-pvp9-zqg2"},{"vulnerability":"VCID-efsq-r7cc-57e4"},{"vulnerability":"VCID-fw5f-drnj-z7bc"},{"vulnerability":"VCID-j94e-45vx-v7ba"},{"vulnerability":"VCID-x8k1-137p-1bg6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/r-cran-readxl@0.1.1-1%252Bdeb9u2"},{"url":"http://public2.vulnerablecode.io/api/packages/517078?format=json","purl":"pkg:deb/debian/r-cran-readxl@1.3.0-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/r-cran-readxl@1.3.0-1"}],"aliases":["CVE-2017-2896"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fw5f-drnj-z7bc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99663?format=json","vu
lnerability_id":"VCID-j94e-45vx-v7ba","summary":"The read_MSAT function in ole.c in libxls 1.4.0 has a double free that allows attackers to cause a denial of service (application crash) via a crafted file, a different vulnerability than CVE-2017-2897.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-20450","reference_id":"","reference_type":"","scores":[{"value":"0.00257","scoring_system":"epss","scoring_elements":"0.49362","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00257","scoring_system":"epss","scoring_elements":"0.49423","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00257","scoring_system":"epss","scoring_elements":"0.49434","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00257","scoring_system":"epss","scoring_elements":"0.49416","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00257","scoring_system":"epss","scoring_elements":"0.49386","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00257","scoring_system":"epss","scoring_elements":"0.49398","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-20450"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20450","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20450"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=919324","reference_id":"919324","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=919324"},{"reference_url":"https://security.gentoo.org/glsa/202003-64","reference_id":"GLSA-202003-64","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202003-64"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/517078?format=json","purl":"pkg:deb/debian/r-cran-readxl@1.3.0-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/r-cran-readxl@1.3.0-1"}],"aliases":["
CVE-2018-20450"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-j94e-45vx-v7ba"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99660?format=json","vulnerability_id":"VCID-x8k1-137p-1bg6","summary":"An exploitable out-of-bounds write vulnerability exists in the read_MSAT function of libxls 1.4. A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send malicious XLS file to trigger this vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-2897","reference_id":"","reference_type":"","scores":[{"value":"0.00308","scoring_system":"epss","scoring_elements":"0.54254","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00308","scoring_system":"epss","scoring_elements":"0.54311","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00308","scoring_system":"epss","scoring_elements":"0.54319","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00308","scoring_system":"epss","scoring_elements":"0.54308","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00308","scoring_system":"epss","scoring_elements":"0.54285","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00308","scoring_system":"epss","scoring_elements":"0.54307","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-2897"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12108","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12108"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12109","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12109"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12110","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bi
n/cvename.cgi?name=CVE-2017-12110"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12111","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12111"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2896","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2896"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2897","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2897"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2919","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2919"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=895564","reference_id":"895564","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=895564"},{"reference_url":"https://security.gentoo.org/glsa/202003-64","reference_id":"GLSA-202003-64","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202003-64"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/515607?format=json","purl":"pkg:deb/debian/r-cran-readxl@0.1.1-1%2Bdeb9u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-22k4-dfxh-qyhj"},{"vulnerability":"VCID-2bkf-5krj-2ud3"},{"vulnerability":"VCID-7eju-u9jd-43hv"},{"vulnerability":"VCID-az9y-8fu6-6ffj"},{"vulnerability":"VCID-chwn-pvp9-zqg2"},{"vulnerability":"VCID-efsq-r7cc-57e4"},{"vulnerability":"VCID-fw5f-drnj-z7bc"},{"vulnerability":"VCID-j94e-45vx-v7ba"},{"vulnerability":"VCID-x8k1-137p-1bg6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/r-cran-readxl@0.1.1-1%252Bdeb9u2"},{"url":"http://public2.vulnerablecode.io/api/packages/517078?format=json","purl":"pkg:deb/debian/r-cran-readxl@1.3.0-
1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/r-cran-readxl@1.3.0-1"}],"aliases":["CVE-2017-2897"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-x8k1-137p-1bg6"}],"fixing_vulnerabilities":[],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/r-cran-readxl@0.1.1-1~bpo8%252B1"}