GHSA-84WQ-86V6-X5J6 PhpSpreadsheet has CPU Denial of Service via Unbounded Row Index in SpreadsheetML XML Reader

Summary The SpreadsheetML XML reader Reader\Xml does not validate the ss:Index row attribute against the maximum allowed row count AddressRange::MAXROW = 1,048,576. An attacker can craft a SpreadsheetML XML file with ss:Index="999999999" on a element, which inflates the internal cachedHighestRow ...

CVE-2023-50234

Hancom Office Cell XLS File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hancom Office Cell. User interaction is required to exploit this vulnerability in that the target...

CVE-2023-27364

Foxit PDF Editor XLS File Parsing Exposed Dangerous Method Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must...

Foxit PDF Editor 安全漏洞

Foxit PDF Editor is a PDF editor from the Chinese company Foxit Foxit. A security vulnerability exists in Foxit PDF Editor, which originates from a remote code execution vulnerability in the XLS file parsing expose dangerous method...

CVE-2024-22368

The Spreadsheet::ParseXLSX package before 0.28 for Perl can encounter an out-of-memory condition during parsing of a crafted XLSX document. This occurs because the memoize implementation does not have appropriate constraints on merged cells...

PT-2023-8033 · Hancom · Hancom Office Cell

Name of the Vulnerable Software and Affected Versions: Hancom Office Cell affected versions not specified Description: This issue is a stack-based buffer overflow in the XLS file parsing functionality of Hancom Office Cell. It allows remote attackers to execute arbitrary code on affected...

PT-2021-3041 · Microsoft · Office Web Apps Server +3

Name of the Vulnerable Software and Affected Versions: Microsoft Office affected versions not specified Microsoft 365 Apps for Enterprise affected versions not specified Microsoft Excel affected versions not specified Microsoft Office Web Apps Server affected versions not specified Description: T...

CVE-2011-1277

Microsoft Excel 2002 SP3, Office 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate record information during parsing of Excel spreadsheets, which allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted...

CVE-2011-1274

Microsoft Excel 2002 SP3, 2003 SP3, and 2007 SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 do not properly validate record information during parsing of Excel...