CVE-2023-38855 — Out-of-bounds Write in Project Libxls

CWE-787 — Out-of-bounds Write CWE-125 — Out-of-bounds Read5 documents5 sources

Severity

6.5MEDIUMNVD

EPSS

0.8%

top 26.68%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Libxls Project Libxls Debian R-cran-readxl

Timeline

PublishedAug 15

Description

Buffer Overflow vulnerability in libxlsv.1.6.2 allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted XLS file to the get_string function in xlstool.c:395.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶debiandebian/r-cran-readxl

▶NVDlibxls_project/libxls1.6.2

🔴Vulnerability Details

OSV

CVE-2023-38855: Buffer Overflow vulnerability in libxlsv↗2023-08-15

▶

GHSA

GHSA-hfhg-3fc7-vr2g: Buffer Overflow vulnerability in libxlsv↗2023-08-15

▶

📋Vendor Advisories

Red Hat

libxls: heap buffer overflow in xls_parseWorkBook() in xls.c↗2023-08-15

▶

Debian

CVE-2023-38855: r-cran-readxl - Buffer Overflow vulnerability in libxlsv.1.6.2 allows a remote attacker to execu...↗2023

▶