彙總 libxls_project 相關全部產品的 CVE 與安全漏洞情報,包括 CVSS、EPSS、公開時間與漏洞情報資料。
已披露問題常與 記憶體損壞與緩衝區溢位 相關,可能在 生產負載與軟體部署 場景中帶來 記憶體損壞與應用程式崩潰 等暴露風險。
相關漏洞資料主要來源於公開漏洞披露與安全公告,可用於評估歷史漏洞暴露面與修補優先順序。
| CVE | 摘要 | 來源 | 最高 CVSS | EPSS % | 公開時間 | 更新時間 |
|---|---|---|---|---|---|---|
| CVE-2023-38856 | Buffer Overflow vulnerability in libxlsv.1.6.2 allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted XLS file to the get_string function in xlstool.c:411. | [email protected] | 6.5 | 0.92% | 2023-08-15 | 2024-11-21 |
| CVE-2023-38855 | Buffer Overflow vulnerability in libxlsv.1.6.2 allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted XLS file to the get_string function in xlstool.c:395. | [email protected] | 6.5 | 0.92% | 2023-08-15 | 2024-11-21 |
| CVE-2023-38854 | Buffer Overflow vulnerability in libxlsv.1.6.2 allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted XLS file to the transcode_latin1_to_utf8 function in xlstool.c:296. | [email protected] | 6.5 | 0.92% | 2023-08-15 | 2024-11-21 |
| CVE-2023-38853 | Buffer Overflow vulnerability in libxlsv.1.6.2 allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted XLS file to the xls_parseWorkBook function in xls.c:1015. | [email protected] | 6.5 | 0.92% | 2023-08-15 | 2024-11-21 |
| CVE-2023-38852 | Buffer Overflow vulnerability in libxlsv.1.6.2 allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted XLS file to the unicode_decode_wcstombs function in xlstool.c:266. | [email protected] | 6.5 | 1.17% | 2023-08-15 | 2025-11-04 |
| CVE-2023-38851 | Buffer Overflow vulnerability in libxlsv.1.6.2 allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted XLS file to the xls_parseWorkBook function in xls.c:1018. | [email protected] | 6.5 | 0.92% | 2023-08-15 | 2024-11-21 |
| CVE-2021-27836 | An issue was discoverered in in function xls_getWorkSheet in xls.c in libxls 1.6.2, allows attackers to cause a denial of service, via a crafted XLS file. | [email protected] | 6.5 | 0.42% | 2021-11-03 | 2024-11-21 |
| CVE-2020-27819 | An issue was discovered in libxls before and including 1.6.1 when reading Microsoft Excel files. A NULL pointer dereference vulnerability exists when parsing XLS cells in libxls/xls2csv.c:199. It could allow a remote attacker to cause a denial of service via crafted XLS file. | [email protected] | 5.5 | 0.27% | 2021-02-23 | 2024-11-21 |
| CVE-2017-2910 | An exploitable Out-of-bounds Write vulnerability exists in the xls_addCell function of libxls 2.0. A specially crafted xls file can cause a memory corruption resulting in remote code execution. An attacker can send malicious xls file to trigger this vulnerability. | [email protected] | 8.8 | 1.25% | 2020-12-02 | 2024-11-21 |
| CVE-2018-20452 | The read_MSAT_body function in ole.c in libxls 1.4.0 has an invalid free that allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, because of inconsistent memory management (new versus free) in ole2_read_header in ole.c. | [email protected] | 8.8 | 0.40% | 2018-12-25 | 2024-11-21 |
| CVE-2018-20450 | The read_MSAT function in ole.c in libxls 1.4.0 has a double free that allows attackers to cause a denial of service (application crash) via a crafted file, a different vulnerability than CVE-2017-2897. | [email protected] | 6.5 | 0.26% | 2018-12-25 | 2024-11-21 |
| CVE-2017-12109 | An exploitable integer overflow vulnerability exists in the xls_preparseWorkSheet function of libxls 1.4 when handling a MULRK record. A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send malicious XLS file to trigger this vulnerability. | [email protected] | 8.8 | 1.10% | 2018-04-24 | 2024-11-21 |
| CVE-2017-12108 | An exploitable integer overflow vulnerability exists in the xls_preparseWorkSheet function of libxls 1.4 when handling a MULBLANK record. A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send malicious XLS file to trigger this vulnerability. | [email protected] | 8.8 | 1.10% | 2018-04-24 | 2024-11-21 |
| CVE-2017-2919 | An exploitable stack based buffer overflow vulnerability exists in the xls_getfcell function of libxls 1.3.4. A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send malicious XLS file to trigger this vulnerability | [email protected] | 7.8 | 1.30% | 2017-11-20 | 2026-05-13 |
| CVE-2017-2897 | An exploitable out-of-bounds write vulnerability exists in the read_MSAT function of libxls 1.4. A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send malicious XLS file to trigger this vulnerability. | [email protected] | 7.8 | 0.31% | 2017-11-20 | 2026-05-13 |
| CVE-2017-2896 | An exploitable out-of-bounds write vulnerability exists in the xls_mergedCells function of libxls 1.4. . A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send malicious XLS file to trigger this vulnerability. | [email protected] | 7.8 | 0.56% | 2017-11-20 | 2026-05-13 |
| CVE-2017-12111 | An exploitable out-of-bounds vulnerability exists in the xls_addCell function of libxls 1.4. A specially crafted XLS file with a formula record can cause memory corruption resulting in remote code execution. An attacker can send a malicious XLS file to trigger this vulnerability. | [email protected] | 8.8 | 0.66% | 2017-11-20 | 2026-05-13 |
| CVE-2017-12110 | An exploitable integer overflow vulnerability exists in the xls_appendSST function of libxls 1.4.A specially crafted XLS file can cause memory corruption resulting in remote code execution. | [email protected] | 8.8 | 0.66% | 2017-11-20 | 2026-05-13 |