CVSS Vector (NVD)
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Description (NVD)
A memory corruption vulnerability exists in the Shared String Table Record Parser implementation in xls2csv utility version 0.95. A specially crafted malformed file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.
Analysis (AI)
Heap buffer overflow vulnerability in the Shared String Table Record Parser of xls2csv utility version 0.95, allowing unauthenticated local attackers to achieve arbitrary code execution with high impact on confidentiality, integrity, and availability. The vulnerability is triggered by processing a specially crafted malformed Excel file, presenting significant risk to users who process untrusted spreadsheet inputs. No confirmed active exploitation in the wild has been reported at this time, though the local attack vector and lack of privilege requirements suggest moderate real-world exploitability.
Technical Context (AI)
The xls2csv utility is a command-line tool designed to convert Microsoft Excel spreadsheet files (.xls format) to comma-separated values (CSV) format. The vulnerability resides specifically in the Shared String Table Record Parser—a component responsible for extracting and parsing string data stored in the shared string table within Excel's OLE2/compound document format. The root cause is classified as CWE-680 (Integer Overflow to Buffer Overflow), indicating that the parser fails to properly validate record lengths or buffer boundaries when processing malformed string table records. This allows an attacker to write beyond allocated heap memory when a specially crafted file specifies string lengths that exceed the allocated buffer size. The vulnerability affects xls2csv version 0.95 and potentially earlier versions that share the same vulnerable code path.
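The CWE-680 pattern described above, as an added illustration (not xls2csv code and not the actual defect, which this page does not detail): a length computed in a narrow integer type wraps, beside a bounds-checked read of one string entry. The function names are hypothetical and the entry layout is a simplified BIFF8-style string (2-byte character count, 1-byte flags, then the characters), ignoring strings that continue across records.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* CWE-680 arithmetic: a byte count computed in a 16-bit type wraps, so the
 * allocation ends up smaller than the data the record claims to hold. */
uint16_t wrapped_size16(uint16_t cch, unsigned width)
{
    return (uint16_t)(cch * width);   /* 0x8001 * 2 = 0x10002 -> 0x0002 */
}

/* Hardened read of one simplified BIFF8-style string entry from an untrusted
 * record body: 2-byte LE character count, 1-byte flags, then the characters.
 * Entries with rich-text/phonetic extensions (0x08, 0x04) are rejected here.
 * Returns a malloc'd copy (*out_len bytes) or NULL; *off moves on success. */
unsigned char *read_sst_string(const unsigned char *rec, size_t rec_len,
                               size_t *off, size_t *out_len)
{
    if (*off > rec_len || rec_len - *off < 3)
        return NULL;                          /* header must fit */
    size_t cch = (size_t)rec[*off] | ((size_t)rec[*off + 1] << 8);
    unsigned flags = rec[*off + 2];
    if (flags & 0x0C)
        return NULL;                          /* extensions not parsed */
    size_t width = (flags & 0x01) ? 2 : 1;    /* bit 0: 16-bit characters */
    size_t need = cch * width;                /* <= 0x1FFFE, no wrap in size_t */
    if (need > rec_len - *off - 3)
        return NULL;                          /* length exceeds the record */
    unsigned char *buf = malloc(need ? need : 1);
    if (buf == NULL)
        return NULL;
    memcpy(buf, rec + *off + 3, need);
    *off += 3 + need;
    *out_len = need;
    return buf;
}

int main(void)
{
    /* Constructed sample: declares 0xFFFF 16-bit chars, carries 1 byte. */
    const unsigned char bad[] = { 0xFF, 0xFF, 0x01, 'a' };
    size_t off = 0, n = 0;
    unsigned char *s = read_sst_string(bad, sizeof bad, &off, &n);
    printf("malformed entry %s\n", s ? "accepted" : "rejected");
    free(s);
    return 0;
}
```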
Remediation (AI)
Patch/Upgrade (severity: Critical): Upgrade xls2csv to a patched version beyond 0.95. Check the official xls2csv repository (likely GitHub) for version 0.96 or later containing fixes to the Shared String Table Record Parser with proper bounds checking.
Workaround (severity: High): Restrict xls2csv usage to processing only trusted, internally-generated Excel files from known sources. Implement file validation or sandboxing: process Excel files in isolated containerized environments (Docker) or restricted user accounts with minimal privileges.
Mitigation (severity: Medium): If xls2csv cannot be updated immediately, implement input validation to reject suspicious Excel files (e.g., files with unusually large string table records, files that fail basic format validation). Consider alternative tools with better security track records for Excel parsing (e.g., LibreOffice in batch mode).
Detection (severity: Medium): Monitor for xls2csv process crashes (segmentation faults) when processing files, which may indicate exploitation attempts. Log all Excel files processed and correlate crashes with file metadata.
Vendor Status
Ubuntu
Priority: Medium

| Release | Status | Version |
|---|---|---|
| xenial | needs-triage | - |
| bionic | needs-triage | - |
| focal | needs-triage | - |
| jammy | needs-triage | - |
| noble | needs-triage | - |
| upstream | needs-triage | - |
| oracular | ignored | end of life, was needs-triage |
| plucky | ignored | end of life, was needs-triage |
| questing | needs-triage | - |
Debian
Bug #1107168

| Release | Status | Fixed Version | Urgency |
|---|---|---|---|
| bullseye | fixed | 1:0.95-4.1+deb11u1 | - |
| bullseye (security) | fixed | 1:0.95-4.1+deb11u1 | - |
| bookworm, bookworm (security) | fixed | 1:0.95-6~deb12u1 | - |
| forky, sid, trixie | fixed | 1:0.95-6 | - |
| bookworm | fixed | 1:0.95-6~deb12u1 | - |
| (unstable) | fixed | 1:0.95-6 | - |
EUVD-2024-54625