56 matches found

RedhatCVE
added 3 hours ago · 4 views

CVE-2026-26824

A flaw was found in libxls. This vulnerability, a use of uninitialized memory, occurs in the OLE container parser when processing a specially crafted XLS file. An attacker could exploit this by providing a malicious XLS file, which may lead to application crashes or the potential disclosure of...

5.6 AI score
Exploits: 0 · References: 2

OSV
added 2023/08/15 5:15 p.m. · 2 views

DEBIAN-CVE-2023-38854

Buffer Overflow vulnerability in libxls v.1.6.2 allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted XLS file to the transcodelatin1toutf8 function in xlstool.c:296...

6.5 CVSS · 7 AI score · 0.00915 EPSS
Exploits: 1 · References: 1

OSV
added 2023/08/15 5:15 p.m. · 2 views

DEBIAN-CVE-2023-38856

Buffer Overflow vulnerability in libxls v.1.6.2 allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted XLS file to the getstring function in xlstool.c:411...

6.5 CVSS · 7 AI score · 0.00915 EPSS
Exploits: 1 · References: 1

ATTACKERKB
added 2023/08/15 5:15 p.m. · 1 view

CVE-2023-38851

Buffer Overflow vulnerability in libxls v.1.6.2 allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted XLS file to the xlsparseWorkBook function in xls.c:1018...

6.5 CVSS · 6.2 AI score · 0.00915 EPSS
Exploits: 1 · References: 2

OSV
added 2023/08/15 5:15 p.m. · 1 view

UBUNTU-CVE-2023-38855

Buffer Overflow vulnerability in libxls v.1.6.2 allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted XLS file to the getstring function in xlstool.c:395...

6.5 CVSS · 6.2 AI score · 0.00915 EPSS
Exploits: 1 · References: 3

Positive Technologies
added 2023/08/15 12:00 a.m. · 2 views

PT-2023-26635 · Libxls +1

Name of the Vulnerable Software and Affected Versions: libxlsv version 1.6.2 Description: A Buffer Overflow issue allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted XLS file to the transcode latin1 to utf8 function in xlstool.c. Recommendations: For...

6.5 CVSS · 6.9 AI score · 0.00915 EPSS
Exploits: 1 · References: 14

SUSE CVE
added 2023/02/15 5:53 a.m. · 1 view

SUSE CVE-2011-1986

Use-after-free vulnerability in Microsoft Excel 2003 SP3 allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Use after Free WriteAV Vulnerability."...

9.3 CVSS · 7.8 AI score · 0.59813 EPSS
Exploits: 0 · References: 2

SUSE CVE
added 2023/02/15 3:44 a.m. · 1 view

SUSE CVE-2021-27836

An issue was discovered in function xlsgetWorkSheet in xls.c in libxls 1.6.2 that allows attackers to cause a denial of service via a crafted XLS file...

6.5 CVSS · 6.2 AI score · 0.00421 EPSS
Exploits: 0 · References: 4

OSV
added 2022/05/17 2:58 a.m. · 0 views

GHSA-CHQF-HX79-GXC6 Improper Restriction of XML External Entity Reference in Openpyxl

Openpyxl 2.4.1 resolves external entities by default, which allows remote attackers to conduct XXE attacks via a crafted .xlsx document...

8.2 CVSS · 5.9 AI score · 0.00528 EPSS
Exploits: 0 · References: 10

OSV
added 2021/11/03 5:15 p.m. · 0 views

UBUNTU-CVE-2021-27836

An issue was discovered in function xlsgetWorkSheet in xls.c in libxls 1.6.2 that allows attackers to cause a denial of service via a crafted XLS file...

6.5 CVSS · 5.8 AI score · 0.00421 EPSS
Exploits: 0 · References: 3

RedHat Linux
added 2018/03/06 9:46 p.m. · 2 views

libreoffice: Remote arbitrary file disclosure vulnerability via WEBSERVICE formula

A flaw was found in libreoffice before 5.4.5 and before 6.0.1. Arbitrary remote file disclosure may be achieved by the use of the WEBSERVICE formula in a specially crafted ODS file...

9.8 CVSS · 5.7 AI score · 0.46181 EPSS
Exploits: 5 · References: 6

OSV
added 2017/02/15 7:59 p.m. · 0 views

UBUNTU-CVE-2017-5992

Openpyxl 2.4.1 resolves external entities by default, which allows remote attackers to conduct XXE attacks via a crafted .xlsx document...

8.2 CVSS · 7.3 AI score · 0.00528 EPSS
Exploits: 0 · References: 6

Prion
added 2016/09/01 11:59 p.m. · 17 views

Xxe

The Office Open XML OOXML feature in Adobe ColdFusion 10 before Update 21 and 11 before Update 10 allows remote attackers to read arbitrary files or send TCP requests to intranet servers via a crafted OOXML spreadsheet containing an external entity declaration in conjunction with an entity...

6.4 CVSS · 7 AI score · 0.55384 EPSS
Exploits: 7 · References: 6 · Affected Software: 1

OSV
added 2016/09/01 11:59 p.m. · 1 view

CVE-2016-4264

The Office Open XML OOXML feature in Adobe ColdFusion 10 before Update 21 and 11 before Update 10 allows remote attackers to read arbitrary files or send TCP requests to intranet servers via a crafted OOXML spreadsheet containing an external entity declaration in conjunction with an entity...

8.6 CVSS · 5.8 AI score · 0.55384 EPSS
Exploits: 7 · References: 6

ATTACKERKB
added 2016/09/01 11:59 p.m. · 6 views

CVE-2016-4264

The Office Open XML OOXML feature in Adobe ColdFusion 10 before Update 21 and 11 before Update 10 allows remote attackers to read arbitrary files or send TCP requests to intranet servers via a crafted OOXML spreadsheet containing an external entity declaration in conjunction with an entity...

8.6 CVSS · 5.6 AI score · 0.55384 EPSS
Exploits: 7 · References: 7

CVE
added 2016/09/01 11:00 p.m. · 73 views

CVE-2016-4264

CVE-2016-4264 affects Adobe ColdFusion 10 (before Update 21) and 11 (before Update 10). The OOXML feature parser is vulnerable to XML External Entity (XXE) processing via a crafted OOXML spreadsheet containing an external entity declaration and an entity reference, enabling reading of arbitrary f...

8.6 CVSS · 8.2 AI score · 0.55384 EPSS
Exploits: 7 · References: 6 · Affected Software: 1

CNVD
added 2015/07/16 12:00 a.m. · 1 view

Microsoft Excel ASLR Bypass Vulnerability

Microsoft Excel, Excel Viewer and SharePoint Server are all products of Microsoft Corporation. Excel is a spreadsheet processing software in the Office suite. Excel Viewer is a free Office Excel spreadsheet viewer. SharePoint Server is an enterprise business collaboration platform. There is a...

4.3 CVSS · 6.8 AI score · 0.16364 EPSS
Exploits: 0 · References: 1

Zero Day Initiative
added 2015/07/14 12:00 a.m. · 23 views

Microsoft Office Excel pivotField Heap Corruption Remote Code Execution Vulnerability

This vulnerability allows remote attackers to corrupt heap memory on vulnerable installations of Microsoft Office Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within processing o...

6.8 CVSS · 6.3 AI score · 0.37547 EPSS
Exploits: 0 · References: 1

OSV
added 2014/09/02 5:49 p.m. · 2 views

USN-2331-1 libreoffice vulnerability

Rohan Durve and James Kettle discovered LibreOffice Calc sometimes allowed for command injection when opening spreadsheets. If a user were tricked into opening a crafted Calc spreadsheet, an attacker could exploit this to run programs as your login...

9.3 CVSS · 7.1 AI score · 0.10661 EPSS
Exploits: 0 · References: 2

NVD
added 2012/11/14 12:55 a.m. · 19 views

CVE-2012-2543

Stack-based buffer overflow in Microsoft Excel 2007 SP2 and SP3 and 2010 SP1; Office 2011 for Mac; Excel Viewer; and Office Compatibility Pack SP2 and SP3 allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Stack Overflow Vulnerability."...

9.3 CVSS · 7.8 AI score · 0.65939 EPSS
Exploits: 0 · References: 6