suse · CVE-2023-7101

Quick triage

Priority: high Published: 2023-12-28 00:16:20 UTC Updated: 2026-03-05 03:50:01 UTC

View at Official suse advisory, NVD, CVE.org · CVE detail

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2023-7101 severity important: SUSE including 3 source package names (perl-Spreadsheet-ParseExcel-0.65-150000.3.3.1, perl-Spreadsheet-ParseExcel-0.660.0-1.1, perl-Spreadsheet-ParseExcel-0.660.0-160000.2.2), 27 product×package rows across 27 product lines (SUSE CaaS Platform 4.0, SUSE Enterprise Storage 7.1, … (27 product lines)): Fixed 27.

Description:

Spreadsheet::ParseExcel version 0.65 is a Perl module used for parsing Excel files. Spreadsheet::ParseExcel is vulnerable to an arbitrary code execution (ACE) vulnerability due to passing unvalidated input from a file into a string-type “eval”. Specifically, the issue stems from the evaluation of Number format strings (not to be confused with printf-style format strings) within the Excel parsing logic.

cvelogic Threat Intelligence