CVE-2023-38852 — Out-of-bounds Write in Project Libxls

CWE-787 — Out-of-bounds Write CWE-125 — Out-of-bounds Read9 documents5 sources

Severity

6.5MEDIUMNVD

EPSS

1.0%

top 23.42%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Libxls Project Libxls Debian R-cran-readxl

Timeline

PublishedAug 15

Description

Buffer Overflow vulnerability in libxlsv.1.6.2 allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted XLS file to the unicode_decode_wcstombs function in xlstool.c:266.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶debiandebian/r-cran-readxl

▶NVDlibxls_project/libxls1.6.2

🔴Vulnerability Details

OSV

CVE-2023-38852: Buffer Overflow vulnerability in libxlsv↗2023-08-15

▶

GHSA

GHSA-3xcx-j8jr-m5vv: Buffer Overflow vulnerability in libxlsv↗2023-08-15

▶