Vulnerabilities > CVE-2023-38852 - Out-of-bounds Write vulnerability in Libxls Project Libxls 1.6.2
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
Buffer Overflow vulnerability in libxlsv.1.6.2 allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted XLS file to the unicode_decode_wcstombs function in xlstool.c:266.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Common Weakness Enumeration (CWE)
References
- https://github.com/libxls/libxls/issues/124
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JQYGEBDBCOWBRHOW44BSSRADUOZBXHUE/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YHBUPYF2NX34HNAWZ3WYHKWU3KWVQUSV/