Filtered by vendor Libxls
Filtered by product Libxls
Total: 2 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 | Description |
|---|---|---|---|---|---|
| CVE-2026-26824 | 2 Libxls, Libxls Project | 2 Libxls, Libxls | 2026-06-05 | 6.5 Medium | libxls through version 1.6.3 contains a use of uninitialized memory vulnerability in the OLE container parser. Memory allocated for the Master Sector Allocation Table (MSAT) in read_MSAT() is not fully initialized before being consumed by ole2_validate_sector_chain(), which may result in application crashes or potential information disclosure when processing a crafted XLS file. |
| CVE-2026-26825 | 2 Libxls, Libxls Project | 2 Libxls, Libxls | 2026-06-05 | 5.3 Medium | A use-of-uninitialized memory vulnerability exists in libxls 1.6.3 when parsing malformed XLS files. The issue is reachable via xls_parseWorkBook() and is triggered by uninitialized heap memory originating from the OLE layer (ole2_read). The flaw is detectable with MemorySanitizer (MSAN) and can lead to undefined behavior, incorrect parsing logic, or potential information disclosure. |