10 matches found
EUVD-2026-30859
The OOXML parsing of the file indexer does not disable external entity resolution. A crafted xlsx or pptx document placed in an indexed directory can cause local files to be read or outbound HTTP requests to be performed, with the retrieved content being written to the search index...
CVE-2026-40902 PhpSpreadsheet: CPU Denial of Service via Unbounded Row Number in XLSX Row Dimensions
PhpSpreadsheet is a pure PHP library for reading and writing spreadsheet files. Prior to 1.30.4, 2.1.16, 2.4.5, 3.10.5, and 5.7.0, the XLSX reader's ColumnAndRowAttributes::readRowAttributes method reads row numbers from XML attributes without validating them against the spreadsheet maximum row...
GHSA-7C6M-4442-2X6M PhpSpreadsheet has CPU Denial of Service via Unbounded Row Number in XLSX Row Dimensions
Summary: The XLSX reader's ColumnAndRowAttributes::readRowAttributes method reads row numbers from XML attributes without validating them against the spreadsheet maximum row limit (AddressRange::MAXROW = 1,048,576). An attacker can craft a minimal XLSX file (1.6KB) containing a element that inflates...
CVE-2025-14404
PDFsam Enhanced XLS File Insufficient UI Warning Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDFsam Enhanced. User interaction is required to exploit this vulnerability in that the target must visit a...
Pdfforge Pdf Architect Security Vulnerability
Pdfforge Pdf Architect is a solution for viewing and editing PDF documents from Pdfforge. A security vulnerability exists in Pdfforge Pdf Architect that stems from the processing of XLS files that allows the execution of dangerous scripts without user warnings, which could lead to remote code...
SUSE CVE-2023-38853
Buffer Overflow vulnerability in libxls v.1.6.2 allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted XLS file to the xls_parseWorkBook function in xls.c:1015...
CVE-2023-38856
Buffer Overflow vulnerability in libxls v.1.6.2 allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted XLS file to the get_string function in xlstool.c:411...
SUSE CVE-2017-5992
Openpyxl 2.4.1 resolves external entities by default, which allows remote attackers to conduct XXE attacks via a crafted .xlsx document...
Denial of Service Vulnerability in WPS Forms (CNVD-2018-03670)
WPS Office is an office software suite independently developed by Kingsoft Corporation. A denial of service vulnerability exists in WPS Formset.exe in WPS when parsing a specific xls file, which can be exploited by an attacker to cause a denial of service...
Lexmark Perceptive Document Filters XLS ShapeHLink Information Disclosure Vulnerability
Perceptive Document Filters allows software developers to perform in-depth inspection, format conversion, output manipulation and viewing of virtually any type of document. An information disclosure vulnerability exists in the XLS parsing of the Lexmark Perceptive Document Filters conversion...