freexl is vulnerable to remote code execution (RCE) via a heap-based buffer overflow. An attacker can gain full control over the heap overflow because the read_legacy_biff() function does not check the content and dimensions of the XLS files passed to it. The vulnerability can be triggered only when the malicious XLS file is in the old BIFF format.