CVE-2023-38851 — Out-of-bounds Write in Project Libxls

CWE-787 — Out-of-bounds Write CWE-125 — Out-of-bounds Read5 documents5 sources

Severity

6.5MEDIUMNVD

EPSS

0.8%

top 26.68%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Libxls Project Libxls Debian R-cran-readxl

Timeline

PublishedAug 15

Description

Buffer Overflow vulnerability in libxlsv.1.6.2 allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted XLS file to the xls_parseWorkBook function in xls.c:1018.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶debiandebian/r-cran-readxl

▶NVDlibxls_project/libxls1.6.2

🔴Vulnerability Details

OSV

CVE-2023-38851: Buffer Overflow vulnerability in libxlsv↗2023-08-15

▶

GHSA

GHSA-77g9-xr3f-gjr9: Buffer Overflow vulnerability in libxlsv↗2023-08-15

▶

📋Vendor Advisories

Red Hat

libxls: heap buffer overflow in xls_parseWorkBook() in xls.c↗2023-08-15

▶

Debian

CVE-2023-38851: r-cran-readxl - Buffer Overflow vulnerability in libxlsv.1.6.2 allows a remote attacker to execu...↗2023

▶