Libxls Project Libxls vulnerabilities

18 known vulnerabilities affecting libxls_project/libxls.

Total CVEs

CISA KEV

Public exploits

Exploited in wild

Severity breakdown

HIGH9MEDIUM9

Vulnerabilities

Page 1 of 1

CVE-2023-38852MEDIUMCVSS 6.5v1.6.22023-08-15

CVE-2023-38852 [MEDIUM] CWE-787 CVE-2023-38852: Buffer Overflow vulnerability in libxlsv.1.6.2 allows a remote attacker to execute arbitrary code an Buffer Overflow vulnerability in libxlsv.1.6.2 allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted XLS file to the unicode_decode_wcstombs function in xlstool.c:266.

nvd

CVE-2023-38855MEDIUMCVSS 6.5v1.6.22023-08-15

CVE-2023-38855 [MEDIUM] CWE-787 CVE-2023-38855: Buffer Overflow vulnerability in libxlsv.1.6.2 allows a remote attacker to execute arbitrary code an Buffer Overflow vulnerability in libxlsv.1.6.2 allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted XLS file to the get_string function in xlstool.c:395.

nvd

CVE-2023-38856MEDIUMCVSS 6.5v1.6.22023-08-15

CVE-2023-38856 [MEDIUM] CWE-787 CVE-2023-38856: Buffer Overflow vulnerability in libxlsv.1.6.2 allows a remote attacker to execute arbitrary code an Buffer Overflow vulnerability in libxlsv.1.6.2 allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted XLS file to the get_string function in xlstool.c:411.

nvd

CVE-2023-38851MEDIUMCVSS 6.5v1.6.22023-08-15

CVE-2023-38851 [MEDIUM] CWE-787 CVE-2023-38851: Buffer Overflow vulnerability in libxlsv.1.6.2 allows a remote attacker to execute arbitrary code an Buffer Overflow vulnerability in libxlsv.1.6.2 allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted XLS file to the xls_parseWorkBook function in xls.c:1018.

nvd

CVE-2023-38854MEDIUMCVSS 6.5v1.6.22023-08-15

CVE-2023-38854 [MEDIUM] CWE-787 CVE-2023-38854: Buffer Overflow vulnerability in libxlsv.1.6.2 allows a remote attacker to execute arbitrary code an Buffer Overflow vulnerability in libxlsv.1.6.2 allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted XLS file to the transcode_latin1_to_utf8 function in xlstool.c:296.

nvd

CVE-2023-38853MEDIUMCVSS 6.5v1.6.22023-08-15

CVE-2023-38853 [MEDIUM] CWE-787 CVE-2023-38853: Buffer Overflow vulnerability in libxlsv.1.6.2 allows a remote attacker to execute arbitrary code an Buffer Overflow vulnerability in libxlsv.1.6.2 allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted XLS file to the xls_parseWorkBook function in xls.c:1015.

nvd

CVE-2021-27836MEDIUMCVSS 6.5v1.6.22021-11-03

CVE-2021-27836 [MEDIUM] CWE-476 CVE-2021-27836: An issue was discoverered in in function xls_getWorkSheet in xls.c in libxls 1.6.2, allows attackers An issue was discoverered in in function xls_getWorkSheet in xls.c in libxls 1.6.2, allows attackers to cause a denial of service, via a crafted XLS file.

nvd

CVE-2020-27819MEDIUMCVSS 5.5fixed in 1.6.2vlibxls before 1.6.22021-02-23

CVE-2020-27819 [MEDIUM] CWE-476 CVE-2020-27819: An issue was discovered in libxls before and including 1.6.1 when reading Microsoft Excel files. A N An issue was discovered in libxls before and including 1.6.1 when reading Microsoft Excel files. A NULL pointer dereference vulnerability exists when parsing XLS cells in libxls/xls2csv.c:199. It could allow a remote attacker to cause a denial of service via crafted XLS file.

nvd

CVE-2017-2910HIGHCVSS 8.8v2.0.0vlibxls 2.02020-12-02

CVE-2017-2910 [HIGH] CWE-787 CVE-2017-2910: An exploitable Out-of-bounds Write vulnerability exists in the xls_addCell function of libxls 2.0. A An exploitable Out-of-bounds Write vulnerability exists in the xls_addCell function of libxls 2.0. A specially crafted xls file can cause a memory corruption resulting in remote code execution. An attacker can send malicious xls file to trigger this vulnerability.

nvd

CVE-2018-20452HIGHCVSS 8.8v1.4.02018-12-25

CVE-2018-20452 [HIGH] CWE-119 CVE-2018-20452: The read_MSAT_body function in ole.c in libxls 1.4.0 has an invalid free that allows attackers to ca The read_MSAT_body function in ole.c in libxls 1.4.0 has an invalid free that allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, because of inconsistent memory management (new versus free) in ole2_read_header in ole.c.

nvd

CVE-2018-20450MEDIUMCVSS 6.5v1.4.02018-12-25

CVE-2018-20450 [MEDIUM] CVE-2018-20450: The read_MSAT function in ole.c in libxls 1.4.0 has a double free that allows attackers to cause a d The read_MSAT function in ole.c in libxls 1.4.0 has a double free that allows attackers to cause a denial of service (application crash) via a crafted file, a different vulnerability than CVE-2017-2897.

nvd

CVE-2017-12109HIGHCVSS 8.8v1.42018-04-24

CVE-2017-12109 [HIGH] CWE-190 CVE-2017-12109: An exploitable integer overflow vulnerability exists in the xls_preparseWorkSheet function of libxls An exploitable integer overflow vulnerability exists in the xls_preparseWorkSheet function of libxls 1.4 when handling a MULRK record. A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send malicious XLS file to trigger this vulnerability.

nvd

CVE-2017-12108HIGHCVSS 8.8v1.42018-04-24

CVE-2017-12108 [HIGH] CWE-190 CVE-2017-12108: An exploitable integer overflow vulnerability exists in the xls_preparseWorkSheet function of libxls An exploitable integer overflow vulnerability exists in the xls_preparseWorkSheet function of libxls 1.4 when handling a MULBLANK record. A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send malicious XLS file to trigger this vulnerability.

nvd

CVE-2017-2897HIGHCVSS 7.8v1.4.02017-11-20

CVE-2017-2897 [HIGH] CWE-787 CVE-2017-2897: An exploitable out-of-bounds write vulnerability exists in the read_MSAT function of libxls 1.4. A s An exploitable out-of-bounds write vulnerability exists in the read_MSAT function of libxls 1.4. A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send malicious XLS file to trigger this vulnerability.

nvd

CVE-2017-2896HIGHCVSS 7.8v1.42017-11-20

CVE-2017-2896 [HIGH] CWE-787 CVE-2017-2896: An exploitable out-of-bounds write vulnerability exists in the xls_mergedCells function of libxls 1. An exploitable out-of-bounds write vulnerability exists in the xls_mergedCells function of libxls 1.4. . A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send malicious XLS file to trigger this vulnerability.

nvd

CVE-2017-2919HIGHCVSS 7.8v1.3.42017-11-20

CVE-2017-2919 [HIGH] CWE-787 CVE-2017-2919: An exploitable stack based buffer overflow vulnerability exists in the xls_getfcell function of libx An exploitable stack based buffer overflow vulnerability exists in the xls_getfcell function of libxls 1.3.4. A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send malicious XLS file to trigger this vulnerability

nvd

CVE-2017-12110HIGHCVSS 7.8v1.42017-11-20

CVE-2017-12110 [HIGH] CWE-190 CVE-2017-12110: An exploitable integer overflow vulnerability exists in the xls_appendSST function of libxls 1.4.A s An exploitable integer overflow vulnerability exists in the xls_appendSST function of libxls 1.4.A specially crafted XLS file can cause memory corruption resulting in remote code execution.

nvd

CVE-2017-12111HIGHCVSS 7.8v1.42017-11-20

CVE-2017-12111 [HIGH] CWE-787 CVE-2017-12111: An exploitable out-of-bounds vulnerability exists in the xls_addCell function of libxls 1.4. A speci An exploitable out-of-bounds vulnerability exists in the xls_addCell function of libxls 1.4. A specially crafted XLS file with a formula record can cause memory corruption resulting in remote code execution. An attacker can send a malicious XLS file to trigger this vulnerability.

nvd