View at Official suse advisory, NVD, CVE.org · CVE detail
Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.
CVE-2023-7101 severity important: SUSE including 3 source package names (perl-Spreadsheet-ParseExcel-0.65-150000.3.3.1, perl-Spreadsheet-ParseExcel-0.660.0-1.1, perl-Spreadsheet-ParseExcel-0.660.0-160000.2.2), 27 product×package rows across 27 product lines (SUSE CaaS Platform 4.0, SUSE Enterprise Storage 7.1, … (27 product lines)): Fixed 27.
Spreadsheet::ParseExcel version 0.65 is a Perl module used for parsing Excel files. Spreadsheet::ParseExcel is vulnerable to an arbitrary code execution (ACE) vulnerability due to passing unvalidated input from a file into a string-type “eval”. Specifically, the issue stems from the evaluation of Number format strings (not to be confused with printf-style format strings) within the Excel parsing logic.