Skip to main content

Libxls

15 CVEs product

Monthly

CVE-2026-26825 MEDIUM This Month

Use-of-uninitialized memory in libxls 1.6.3 exposes applications that parse XLS files to potential information disclosure via heap memory leakage. The flaw originates in the OLE layer (ole2_read) and surfaces in xls_parseWorkBook() when processing malformed XLS input, meaning any downstream application or service that accepts and parses XLS files using this library inherits the exposure. With a CVSS score of 5.3 and an EPSS of 0.02% (6th percentile), real-world exploitation probability is low; no public exploit or CISA KEV listing exists at time of analysis.

Information Disclosure Libxls
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2023-38856 MEDIUM POC This Month

Buffer Overflow vulnerability in libxlsv.1.6.2 allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted XLS file to the get_string function in xlstool.c:411. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow RCE Denial Of Service Libxls
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-38855 MEDIUM POC This Month

Buffer Overflow vulnerability in libxlsv.1.6.2 allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted XLS file to the get_string function in xlstool.c:395. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow RCE Denial Of Service Libxls
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-38854 MEDIUM POC This Month

Buffer Overflow vulnerability in libxlsv.1.6.2 allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted XLS file to the transcode_latin1_to_utf8 function in. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow RCE Denial Of Service Libxls
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-38853 MEDIUM POC This Month

Buffer Overflow vulnerability in libxlsv.1.6.2 allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted XLS file to the xls_parseWorkBook function in xls.c:1015. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow RCE Denial Of Service Libxls
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-38852 MEDIUM POC This Month

Buffer Overflow vulnerability in libxlsv.1.6.2 allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted XLS file to the unicode_decode_wcstombs function in. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow RCE Denial Of Service Libxls
NVD GitHub
CVSS 3.1
6.5
EPSS
1.2%
CVE-2023-38851 MEDIUM POC This Month

Buffer Overflow vulnerability in libxlsv.1.6.2 allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted XLS file to the xls_parseWorkBook function in xls.c:1018. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow RCE Denial Of Service Libxls
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2021-27836 MEDIUM PATCH This Month

An issue was discoverered in in function xls_getWorkSheet in xls.c in libxls 1.6.2, allows attackers to cause a denial of service, via a crafted XLS file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Libxls Fedora
NVD GitHub
CVSS 3.1
6.5
EPSS
1.1%
CVE-2018-20452 HIGH POC This Week

The read_MSAT_body function in ole.c in libxls 1.4.0 has an invalid free that allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Libxls
NVD GitHub
CVSS 3.0
8.8
EPSS
1.5%
CVE-2018-20450 MEDIUM POC This Month

The read_MSAT function in ole.c in libxls 1.4.0 has a double free that allows attackers to cause a denial of service (application crash) via a crafted file, a different vulnerability than. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Libxls
NVD GitHub
CVSS 3.0
6.5
EPSS
1.1%
CVE-2017-2919 HIGH This Week

An exploitable stack based buffer overflow vulnerability exists in the xls_getfcell function of libxls 1.3.4. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption RCE Libxls Debian Linux
NVD
CVSS 3.1
7.8
EPSS
1.3%
CVE-2017-2897 HIGH This Week

An exploitable out-of-bounds write vulnerability exists in the read_MSAT function of libxls 1.4. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption RCE Libxls
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2017-2896 HIGH This Week

An exploitable out-of-bounds write vulnerability exists in the xls_mergedCells function of libxls 1.4. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption RCE Libxls Debian Linux
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2017-12111 HIGH This Week

An exploitable out-of-bounds vulnerability exists in the xls_addCell function of libxls 1.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption RCE Libxls
NVD
CVSS 3.0
8.8
EPSS
0.7%
CVE-2017-12110 HIGH This Week

An exploitable integer overflow vulnerability exists in the xls_appendSST function of libxls 1.4.A specially crafted XLS file can cause memory corruption resulting in remote code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow RCE Buffer Overflow Libxls
NVD
CVSS 3.0
8.8
EPSS
0.7%
EPSS 0% CVSS 5.3
MEDIUM This Month

Use-of-uninitialized memory in libxls 1.6.3 exposes applications that parse XLS files to potential information disclosure via heap memory leakage. The flaw originates in the OLE layer (ole2_read) and surfaces in xls_parseWorkBook() when processing malformed XLS input, meaning any downstream application or service that accepts and parses XLS files using this library inherits the exposure. With a CVSS score of 5.3 and an EPSS of 0.02% (6th percentile), real-world exploitation probability is low; no public exploit or CISA KEV listing exists at time of analysis.

Information Disclosure Libxls
NVD GitHub VulDB
EPSS 1% CVSS 6.5
MEDIUM POC This Month

Buffer Overflow vulnerability in libxlsv.1.6.2 allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted XLS file to the get_string function in xlstool.c:411. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow RCE +2
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC This Month

Buffer Overflow vulnerability in libxlsv.1.6.2 allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted XLS file to the get_string function in xlstool.c:395. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow RCE +2
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC This Month

Buffer Overflow vulnerability in libxlsv.1.6.2 allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted XLS file to the transcode_latin1_to_utf8 function in. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow RCE +2
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC This Month

Buffer Overflow vulnerability in libxlsv.1.6.2 allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted XLS file to the xls_parseWorkBook function in xls.c:1015. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow RCE +2
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC This Month

Buffer Overflow vulnerability in libxlsv.1.6.2 allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted XLS file to the unicode_decode_wcstombs function in. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow RCE +2
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC This Month

Buffer Overflow vulnerability in libxlsv.1.6.2 allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted XLS file to the xls_parseWorkBook function in xls.c:1018. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow RCE +2
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

An issue was discoverered in in function xls_getWorkSheet in xls.c in libxls 1.6.2, allows attackers to cause a denial of service, via a crafted XLS file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Libxls +1
NVD GitHub
EPSS 2% CVSS 8.8
HIGH POC This Week

The read_MSAT_body function in ole.c in libxls 1.4.0 has an invalid free that allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Libxls
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC This Month

The read_MSAT function in ole.c in libxls 1.4.0 has a double free that allows attackers to cause a denial of service (application crash) via a crafted file, a different vulnerability than. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Libxls
NVD GitHub
EPSS 1% CVSS 7.8
HIGH This Week

An exploitable stack based buffer overflow vulnerability exists in the xls_getfcell function of libxls 1.3.4. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption RCE +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

An exploitable out-of-bounds write vulnerability exists in the read_MSAT function of libxls 1.4. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption RCE +1
NVD
EPSS 1% CVSS 7.8
HIGH This Week

An exploitable out-of-bounds write vulnerability exists in the xls_mergedCells function of libxls 1.4. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption RCE +2
NVD
EPSS 1% CVSS 8.8
HIGH This Week

An exploitable out-of-bounds vulnerability exists in the xls_addCell function of libxls 1.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption RCE +1
NVD
EPSS 1% CVSS 8.8
HIGH This Week

An exploitable integer overflow vulnerability exists in the xls_appendSST function of libxls 1.4.A specially crafted XLS file can cause memory corruption resulting in remote code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow RCE Buffer Overflow +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy