123elf Lotus 1-2-3 before 1.0.0rc3 for Linux, and Lotus 1-2-3 R3 for UNIX and other platforms through 9.8.2, allow attackers to execute arbitrary code via a crafted worksheet. This occurs because of a stack-based buffer overflow in the cell format processing routines, as demonstrated by a certain function call from processfmt() that can be reached via a w3rformat element in a wk3 document.
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/39xxx/CVE-2022-39843.json",
"cna_assigner": "mitre",
"unresolved_ranges": [
{
"extracted_events": [
{
"fixed": "9.8.2"
}
],
"source": "DESCRIPTION"
}
]
}