12 matches found
RSEC-2023-2 Denial of Service (DoS) vulnerability
The readxl R package is exposed to a vulnerability owing to its underlying use of libxls library version 1.6.2. The vulnerability originates in the xls_getWorkSheet function within xls.c in libxls. Attackers can exploit this flaw by utilizing a specially crafted XLS file, leading to a Denial of...
RSEC-2023-1 Double-free and invalid free vulnerabilities
The readxl R package has been found susceptible to vulnerabilities due to its dependency on libxls library version 1.4.0. Two distinct memory management issues were discovered in the read_MSAT and read_MSAT_body functions within the ole.c component of libxls. The first vulnerability is a double-free...
RSEC-2023-0 Out-of-bounds write and stack based buffer overflow vulnerabilities
The readxl R package, versions 0.1.0 to 1.0.0, is vulnerable to multiple attack vectors due to the underlying use of the libxls library. Several exploitable vulnerabilities have been identified in different functions of libxls versions 1.3.4 and 1.4. These include out-of-bounds write and stack...
PT-2021-17634 · Libxls +2
Name of the Vulnerable Software and Affected Versions: libxls version 1.6.2; readxl (affected versions not specified). Description: An issue was discovered in the xls_getWorkSheet function within xls.c in libxls, allowing attackers to cause a denial of service via a crafted XLS file. This can lead to...
Debian DSA-4173-1 : r-cran-readxl - security update
Marcin Noga discovered multiple vulnerabilities in readxl, a GNU R package to read Excel files via the integrated libxls library, which could result in the execution of arbitrary code if a malformed spreadsheet is processed. (C) Tenable Network Security, Inc. The descriptive text and package checks...
[SECURITY] [DSA 4173-1] r-cran-readxl security update
Debian Security Advisory DSA-4173-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff April 16, 2018 https://www.debian.org/security/faq -...
DSA-4173-1 r-cran-readxl - security update
Bulletin has no description...
Debian: Security Advisory (DSA-4173-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
libxls xls_mergedCells Code Execution Vulnerability (CVE-2017-2896)
Summary An exploitable out-of-bounds write vulnerability exists in the xls_mergedCells function of libxls 1.4. A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send a malicious XLS file to trigger this vulnerability. Tested Versions libxl...
libxls xls_appendSST Code Execution Vulnerability (CVE-2017-12110)
Summary An exploitable integer overflow vulnerability exists in the xls_appendSST function of libxls 1.4. A specially crafted XLS file can cause memory corruption resulting in remote code execution. An attacker can send a malicious XLS file to trigger this vulnerability. Tested Versions libxls 1.4...
libxls xls_mergedCells Code Execution Vulnerability
Summary An exploitable out-of-bounds write vulnerability exists in the xls_mergedCells function of libxls 1.4. A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send a malicious XLS file to trigger this vulnerability. Tested Versions libxl...
libxls xls_preparseWorkSheet MULBLANK Code Execution Vulnerability
Summary An exploitable integer overflow vulnerability exists in the xls_preparseWorkSheet function of libxls 1.4 when handling a MULBLANK record. A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send a malicious XLS file to trigger this...