1. Home
  2. CVE Database
  3. CVE-2016-4295
HIGH · 7.8

CVE-2016-4295

When opening a Hangul Hcell Document (.cell) and processing a particular record within the Workbook stream, an index miscalculation leading to a heap overlow can be made to occur in Hancom Office 2014...

Vulnerability Description

When opening a Hangul Hcell Document (.cell) and processing a particular record within the Workbook stream, an index miscalculation leading to a heap overlow can be made to occur in Hancom Office 2014. The vulnerability occurs when processing data for a formula used to render a chart via the HncChartPlugin.hplg library. Due to a lack of bounds-checking when incrementing an index that is used for writing into a buffer for formulae, the application can be made to write pointer data outside its bounds which can lead to code execution under the context of the application.

CVSS Score

7.8

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
HancomHancom Office 2014<= 9.1.0.2176

Related Weaknesses (CWE)

CWE-119

References

FAQ

What is CVE-2016-4295?

CVE-2016-4295 is a vulnerability with a CVSS score of 7.8 (HIGH). When opening a Hangul Hcell Document (.cell) and processing a particular record within the Workbook stream, an index miscalculation leading to a heap overlow can be made to occur in Hancom Office 2014...

How severe is CVE-2016-4295?

CVE-2016-4295 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2016-4295?

Check the references section above for vendor advisories and patch information. Affected products include: Hancom Hancom Office 2014.