Libxls Project / Libxls

20 matches found

added 2021/02/23 3:40 a.m. | 160 views

CVE-2020-27819

The CVE-2020-27819 issue affects libxls up to version 1.6.1, where a NULL pointer dereference can occur while parsing XLS cells in libxls/xls2csv.c:199, potentially allowing a remote attacker to cause a denial of service when processing crafted Excel files. Public advisories indicate the fix is i...

CVSS 5.5 | AI score 5.1 | EPSS 0.00829

added 2023/08/15 12:0 a.m. | 155 views

CVE-2023-38852

CVE-2023-38852 affects libxls (libxls v1.6.2) with a buffer overflow in unicode_decode_wcstombs in xlstool.c:266, allowing remote code execution and potential DoS. Fedora distributions have issued security advisories and patches (libxls-1.6.2-14.fc38/14.fc39) addressing this vulnerability; Fedora...

CVSS 6.5 | AI score 6.8 | EPSS 0.0117

added 2023/08/15 12:0 a.m. | 123 views

CVE-2023-38851

CVE-2023-38851 affects libxls v1.6.2. The vulnerability is a buffer overflow in the xls_parseWorkBook function (xls.c:1018) that could enable a remote attacker to execute arbitrary code and cause a denial of service via a crafted XLS file. Several sources corroborate the issue and, in at least on...

CVSS 6.5 | AI score 6.9 | EPSS 0.00773

added 2023/08/15 12:0 a.m. | 116 views

CVE-2023-38854

CVE-2023-38854 affects libxls v1.6.2. Root cause: a buffer overflow in transcode_latin1_to_utf8 (xlstool.c:296) can allow a remote attacker to execute arbitrary code and cause denial of service via a crafted XLS file. The connected sources confirm the vulnerability details and suggest a temporary...

CVSS 6.5 | AI score 6.9 | EPSS 0.00773

added 2023/08/15 12:0 a.m. | 112 views

CVE-2023-38853

CVE-2023-38853 concerns a buffer overflow in libxls v1.6.2, exploitable via a crafted XLS file to the xls_parseWorkBook function (xls.c:1015). The vulnerability could allow remote code execution and cause a denial of service. The provided documents consistently describe the affected component as ...

CVSS 6.5 | AI score 6.9 | EPSS 0.00773

added 2017/11/20 10:0 p.m. | 76 views

CVE-2017-12110

The CVE-2017-12110 issue affects the libxls library (version 1.4.A) in the xls_appendSST function, causing an integer overflow that can lead to memory corruption and remote code execution when processing crafted XLS files. Public sources (CNVD-2017-37855, Debian DSA-4173-1) confirm the remote-exe...

CVSS 8.8 | AI score 8.2 | EPSS 0.02097

added 2017/11/20 10:0 p.m. | 75 views

CVE-2017-12111

The CVE-2017-12111 issue is in the libxls library (v1.4) and affects the xls_addCell function. A specially crafted XLS file containing a formula record can cause memory corruption, enabling remote code execution. Public disclosures and downstream advisories (e.g., Gentoo GLSA 202003-64, Debian DS...

CVSS 8.8 | AI score 8 | EPSS 0.02078

added 2017/11/20 10:0 p.m. | 73 views

CVE-2017-2896

CVE-2017-2896 affects libxls 1.4.x, where an exploitable out-of-bounds write in the xls_mergedCells function can cause memory corruption and remote code execution when processing a crafted XLS file. The cited sources describe an attacker sending malicious XLS data to trigger the vulnerability. Th...

CVSS 8.8 | AI score 8 | EPSS 0.02052

added 2018/04/24 7:0 p.m. | 72 views

CVE-2017-12108

CVE-2017-12108 affects libxls 1.4. The issue is an exploitable integer overflow in the function xls_preparseWorkSheet when handling MULBLANK records, which can cause memory corruption and remote code execution if a specially crafted XLS file is processed. Attacker-controlled input is required (a ...

CVSS 8.8 | AI score 9 | EPSS 0.02771

added 2018/04/24 7:0 p.m. | 68 views

CVE-2017-12109

CVE-2017-12109 is a vulnerability in libxls 1.4 where the xls_preparseWorkSheet function can overflow while processing a MULRK record, causing memory corruption and potentially remote code execution when a malicious XLS is opened. The issue is documented across multiple sources (NVD/NSS/Nessus re...

CVSS 8.8 | AI score 9 | EPSS 0.02771

added 2021/11/03 4:7 p.m. | 67 views

CVE-2021-27836

CVE-2021-27836 affects libxls 1.6.2, in which the vulnerable code path is in xls_getWorkSheet in xls.c. Exploitation with a crafted XLS file can cause a denial of service. Several connected advisories document a remediation path: openSUSE issued a security update (openSUSE-SU-2022:0142-1) fixing ...

CVSS 6.5 | AI score 6 | EPSS 0.01122

added 2017/11/20 10:0 p.m. | 66 views

CVE-2017-2919

The CVE-2017-2919 issue concerns the libxls library (v1.3.4) where the function xls_getfcell has a stack-based buffer overflow vulnerability. A crafted XLS file can cause memory corruption, enabling remote code execution. Public references consistently tie this to the libxls code path used when ...

CVSS 8.8 | AI score 8.1 | EPSS 0.02057

added 2017/11/20 10:0 p.m. | 65 views

CVE-2017-2897

CVE-2017-2897 describes an exploitable out-of-bounds write in the read_MSAT function of libxls 1.4, causing memory corruption that enables remote code execution when processing a malicious XLS file. The vulnerability is triggered by a specially crafted Excel file and can be exploited via a crafte...

CVSS 8.8 | AI score 7.3 | EPSS 0.02061

added 2018/12/25 5:0 p.m. | 61 views

CVE-2018-20452

CVE-2018-20452 affects libxls 1.4.0, where an invalid free in read_MSAT_body (and related memory handling in ole2_read_header in ole.c) can lead to a denial of service (application crash) or potentially other impact via crafted files. Multiple connected sources confirm the vulnerability resides i...

CVSS 8.8 | AI score 8.4 | EPSS 0.01505

added 2020/12/02 5:26 p.m. | 55 views

CVE-2017-2910

The vulnerability CVE-2017-2910 affects libxls (notably xls_addCell) and is caused by an out-of-bounds write during MULBLANK record handling. A crafted XLS can trigger memory corruption, leading to remote code execution. Public writeups (e.g., TALOS-2017-0417) document the exact code path and sho...

CVSS 8.8 | AI score 9 | EPSS 0.02088

added 2023/08/15 12:0 a.m. | 54 views

CVE-2023-38856

CVE-2023-38856 is a buffer overflow in libxls v1.6.2 affecting the get_string function in xlstool.c:411, enabling remote code execution and denial of service via a crafted XLS file. Multiple sources (NVD, RedHat, OSV, CVE listings, and PET/PT security notes) confirm the issue; CVSS v3.1 indicates...

CVSS 6.5 | AI score 6.9 | EPSS 0.00773

added 2018/12/25 5:0 p.m. | 52 views

CVE-2018-20450

CVE-2018-20450: In libxls 1.4.0, the read_MSAT function in ole.c has a double-free vulnerability, allowing denial of service (application crash) via a crafted XLS file. This is a separate issue from CVE-2017-2897. Connected sources confirm the affected component and impact, with remediation guid...

CVSS 6.5 | AI score 6.4 | EPSS 0.01064

added 2023/08/15 12:0 a.m. | 47 views

CVE-2023-38855

CVE-2023-38855 concerns a buffer overflow in the library libxls v1.6.2. The flaw resides in the get_string function within xlstool.c (line 395), allowing a remote attacker to execute arbitrary code and cause a denial of service when processing a crafted XLS file. The available connected documents...

CVSS 6.5 | AI score 6.9 | EPSS 0.00773

added 2026/06/03 12:0 a.m. | 19 views

CVE-2026-26824

CVE-2026-26824 affects libxls up to version 1.6.3, where the MSAT (Master Sector Allocation Table) memory allocated during read_MSAT() is not fully initialized before use by ole2_validate_sector_chain() in the OLE container parser. This use-of-uninitialized-memory can cause application crashes or...

CVSS 6.5 | AI score 5.8 | EPSS 0.00228

added 2026/06/03 12:0 a.m. | 19 views

CVE-2026-26825

Libxls 1.6.3 contains a use-of-uninitialized memory vulnerability when parsing malformed XLS files. The issue is triggered by uninitialized heap memory originating from the OLE layer (ole2_read) and is reachable via xls_parseWorkBook(). MemorySanitizer can detect it; the advisory notes undefined ...

CVSS 5.3 | AI score 5.8 | EPSS 0.00214