Libxls Project

libxls_project

18 CVEs • 1 product

Products (1)

Click to collapse

Toggle

CVEs (18)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-38856 1Libxls Project 1Libxls Nov 21, 2024 Aug 15, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Buffer Overflow vulnerability in libxlsv.1.6.2 allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted XLS file to the get_string function in xlstool.c:411.
CVE-2023-38855 1Libxls Project 1Libxls Nov 21, 2024 Aug 15, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Buffer Overflow vulnerability in libxlsv.1.6.2 allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted XLS file to the get_string function in xlstool.c:395.
CVE-2023-38854 1Libxls Project 1Libxls Nov 21, 2024 Aug 15, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Buffer Overflow vulnerability in libxlsv.1.6.2 allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted XLS file to the transcode_latin1_to_utf8 function in xlstool.c:296.
CVE-2023-38853 1Libxls Project 1Libxls Nov 21, 2024 Aug 15, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Buffer Overflow vulnerability in libxlsv.1.6.2 allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted XLS file to the xls_parseWorkBook function in xls.c:1015.
CVE-2023-38852 1Libxls Project 1Libxls Nov 4, 2025 Aug 15, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Buffer Overflow vulnerability in libxlsv.1.6.2 allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted XLS file to the unicode_decode_wcstombs function in xlstool.c:266.
CVE-2023-38851 1Libxls Project 1Libxls Nov 21, 2024 Aug 15, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Buffer Overflow vulnerability in libxlsv.1.6.2 allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted XLS file to the xls_parseWorkBook function in xls.c:1018.
CVE-2021-27836 2Fedoraproject Libxls Project 2Fedora Libxls Nov 21, 2024 Nov 3, 2021 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 An issue was discoverered in in function xls_getWorkSheet in xls.c in libxls 1.6.2, allows attackers to cause a denial of service, via a crafted XLS file.
CVE-2020-27819 1Libxls Project 1Libxls Nov 21, 2024 Feb 23, 2021 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 An issue was discovered in libxls before and including 1.6.1 when reading Microsoft Excel files. A NULL pointer dereference vulnerability exists when parsing XLS cells in libxls/xls2csv.c:199. It could allow a remote att...Show more An issue was discovered in libxls before and including 1.6.1 when reading Microsoft Excel files. A NULL pointer dereference vulnerability exists when parsing XLS cells in libxls/xls2csv.c:199. It could allow a remote attacker to cause a denial of service via crafted XLS file.Show less
CVE-2017-2910 1Libxls Project 1Libxls Nov 21, 2024 Dec 2, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 An exploitable Out-of-bounds Write vulnerability exists in the xls_addCell function of libxls 2.0. A specially crafted xls file can cause a memory corruption resulting in remote code execution. An attacker can send malic...Show more An exploitable Out-of-bounds Write vulnerability exists in the xls_addCell function of libxls 2.0. A specially crafted xls file can cause a memory corruption resulting in remote code execution. An attacker can send malicious xls file to trigger this vulnerability.Show less
CVE-2018-20452 1Libxls Project 1Libxls Nov 21, 2024 Dec 25, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 The read_MSAT_body function in ole.c in libxls 1.4.0 has an invalid free that allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, because of inc...Show more The read_MSAT_body function in ole.c in libxls 1.4.0 has an invalid free that allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, because of inconsistent memory management (new versus free) in ole2_read_header in ole.c.Show less
CVE-2018-20450 1Libxls Project 1Libxls Nov 21, 2024 Dec 25, 2018 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 The read_MSAT function in ole.c in libxls 1.4.0 has a double free that allows attackers to cause a denial of service (application crash) via a crafted file, a different vulnerability than CVE-2017-2897.
CVE-2017-12109 1Libxls Project 1Libxls Nov 21, 2024 Apr 24, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 An exploitable integer overflow vulnerability exists in the xls_preparseWorkSheet function of libxls 1.4 when handling a MULRK record. A specially crafted XLS file can cause a memory corruption resulting in remote code e...Show more An exploitable integer overflow vulnerability exists in the xls_preparseWorkSheet function of libxls 1.4 when handling a MULRK record. A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send malicious XLS file to trigger this vulnerability.Show less
CVE-2017-12108 1Libxls Project 1Libxls Nov 21, 2024 Apr 24, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 An exploitable integer overflow vulnerability exists in the xls_preparseWorkSheet function of libxls 1.4 when handling a MULBLANK record. A specially crafted XLS file can cause a memory corruption resulting in remote cod...Show more An exploitable integer overflow vulnerability exists in the xls_preparseWorkSheet function of libxls 1.4 when handling a MULBLANK record. A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send malicious XLS file to trigger this vulnerability.Show less
CVE-2017-2919 2Debian Libxls Project 2Debian Linux Libxls May 13, 2026 Nov 20, 2017 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 An exploitable stack based buffer overflow vulnerability exists in the xls_getfcell function of libxls 1.3.4. A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can...Show more An exploitable stack based buffer overflow vulnerability exists in the xls_getfcell function of libxls 1.3.4. A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send malicious XLS file to trigger this vulnerabilityShow less
CVE-2017-2897 1Libxls Project 1Libxls May 13, 2026 Nov 20, 2017 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 An exploitable out-of-bounds write vulnerability exists in the read_MSAT function of libxls 1.4. A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send malicio...Show more An exploitable out-of-bounds write vulnerability exists in the read_MSAT function of libxls 1.4. A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send malicious XLS file to trigger this vulnerability.Show less
CVE-2017-2896 2Debian Libxls Project 2Debian Linux Libxls May 13, 2026 Nov 20, 2017 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 An exploitable out-of-bounds write vulnerability exists in the xls_mergedCells function of libxls 1.4. . A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send...Show more An exploitable out-of-bounds write vulnerability exists in the xls_mergedCells function of libxls 1.4. . A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send malicious XLS file to trigger this vulnerability.Show less
CVE-2017-12111 1Libxls Project 1Libxls May 13, 2026 Nov 20, 2017 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 An exploitable out-of-bounds vulnerability exists in the xls_addCell function of libxls 1.4. A specially crafted XLS file with a formula record can cause memory corruption resulting in remote code execution. An attacker...Show more An exploitable out-of-bounds vulnerability exists in the xls_addCell function of libxls 1.4. A specially crafted XLS file with a formula record can cause memory corruption resulting in remote code execution. An attacker can send a malicious XLS file to trigger this vulnerability.Show less
CVE-2017-12110 1Libxls Project 1Libxls May 13, 2026 Nov 20, 2017 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 An exploitable integer overflow vulnerability exists in the xls_appendSST function of libxls 1.4.A specially crafted XLS file can cause memory corruption resulting in remote code execution.