608 matches found
CVE-2026-41034
ONLYOFFICE DocumentServer before 9.3.0 has an untrusted pointer dereference in XLS processing/conversion via pictFmla.cbBufInCtlStm and other vectors, leading to an information leak and ASLR bypass...
Linux Distros Unpatched Vulnerability : CVE-2026-26825
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A use-of-uninitialized memory vulnerability exists in libxls 1.6.3 when parsing malformed XLS files. The issue is reachable via xlsparseWorkBook and is triggere...
CVE-2026-26824
libxls through version 1.6.3 contains a use of uninitialized memory vulnerability in the OLE container parser. Memory allocated for the Master Sector Allocation Table MSAT in readMSAT is not fully initialized before being consumed by ole2validatesectorchain, which may result in application crashe...
CVE-2026-26825
A use-of-uninitialized memory vulnerability exists in libxls 1.6.3 when parsing malformed XLS files. The issue is reachable via xlsparseWorkBook and is triggered by uninitialized heap memory originating from the OLE layer ole2read. The flaw is detectable with MemorySanitizer MSAN and can lead to...
DEBIAN-CVE-2026-26824
libxls through version 1.6.3 contains a use of uninitialized memory vulnerability in the OLE container parser. Memory allocated for the Master Sector Allocation Table MSAT in readMSAT is not fully initialized before being consumed by ole2validatesectorchain, which may result in application crashe...
UBUNTU-CVE-2026-26825
A use-of-uninitialized memory vulnerability exists in libxls 1.6.3 when parsing malformed XLS files. The issue is reachable via xlsparseWorkBook and is triggered by uninitialized heap memory originating from the OLE layer ole2read. The flaw is detectable with MemorySanitizer MSAN and can lead to...
EUVD-2026-34179
A use-of-uninitialized memory vulnerability exists in libxls 1.6.3 when parsing malformed XLS files. The issue is reachable via xlsparseWorkBook and is triggered by uninitialized heap memory originating from the OLE layer ole2read. The flaw is detectable with MemorySanitizer MSAN and can lead to...
CVE-2026-26825
A use-of-uninitialized memory vulnerability exists in libxls 1.6.3 when parsing malformed XLS files. The issue is reachable via xlsparseWorkBook and is triggered by uninitialized heap memory originating from the OLE layer ole2read. The flaw is detectable with MemorySanitizer MSAN and can lead to...
CVE-2026-26825
A use-of-uninitialized memory vulnerability exists in libxls 1.6.3 when parsing malformed XLS files. The issue is reachable via xlsparseWorkBook and is triggered by uninitialized heap memory originating from the OLE layer ole2read. The flaw is detectable with MemorySanitizer MSAN and can lead to...
CVE-2026-26824
libxls through version 1.6.3 contains a use of uninitialized memory vulnerability in the OLE container parser. Memory allocated for the Master Sector Allocation Table MSAT in readMSAT is not fully initialized before being consumed by ole2validatesectorchain, which may result in application crashe...
PT-2026-46057
Name of the Vulnerable Software and Affected Versions libxls versions prior to 1.6.4 Description The OLE container parser contains an issue where memory allocated for the Master Sector Allocation Table MSAT in the read MSAT function is not fully initialized before being used by the ole2 validate...
CVE-2026-26824
libxls through version 1.6.3 contains a use of uninitialized memory vulnerability in the OLE container parser. Memory allocated for the Master Sector Allocation Table MSAT in readMSAT is not fully initialized before being consumed by ole2validatesectorchain, which may result in application crashe...
CVE-2026-26825
Libxls 1.6.3 contains a use-of-uninitialized memory vulnerability when parsing malformed XLS files. The issue is triggered by uninitialized heap memory originating from the OLE layer (ole2_read) and is reachable via xls_parseWorkBook(). MemorySanitizer can detect it; the advisory notes undefined ...
CVE-2026-26825
A use-of-uninitialized memory vulnerability exists in libxls 1.6.3 when parsing malformed XLS files. The issue is reachable via xlsparseWorkBook and is triggered by uninitialized heap memory originating from the OLE layer ole2read. The flaw is detectable with MemorySanitizer MSAN and can lead to...
EUVD-2026-23199
ONLYOFFICE DocumentServer before 9.3.0 has an untrusted pointer dereference in XLS processing/conversion via pictFmla.cbBufInCtlStm and other vectors, leading to an information leak and ASLR bypass...
CVE-2026-41034
ONLYOFFICE DocumentServer before 9.3.0 has an untrusted pointer dereference in XLS processing/conversion via pictFmla.cbBufInCtlStm and other vectors, leading to an information leak and ASLR bypass...
CVE-2026-41034
ONLYOFFICE DocumentServer prior to 9.3.0 contains an untrusted pointer dereference in XLS processing/conversion (via pictFmla.cbBufInCtlStm and related vectors), causing information leakage and an ASLR bypass. Affected product: ONLYOFFICE DocumentServer. Root cause: untrusted pointer dereference ...
CVE-2026-41034
ONLYOFFICE DocumentServer before 9.3.0 has an untrusted pointer dereference in XLS processing/conversion via pictFmla.cbBufInCtlStm and other vectors, leading to an information leak and ASLR bypass...
CVE-2022-42882
Improper Neutralization of Formula Elements in a CSV File vulnerability in Shambix Simple CSV/XLS Exporter.This issue affects Simple CSV/XLS Exporter: from n/a through 1.5.8...
CVE-2025-14412
Soda PDF Desktop XLS File Insufficient UI Warning Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Soda PDF Desktop. User interaction is required to exploit this vulnerability in that the target must visit a...