CVE-2023-38851

Name of the Vulnerable Software and Affected Versions libxls version 1.6.2

Description The issue allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted XLS file to the xls parseWorkBook function in xls.c:1018. This is a buffer overflow vulnerability.

Recommendations For libxls version 1.6.2, consider disabling the xls parseWorkBook function until a patch is available to prevent exploitation. Restrict access to the vulnerable xls.c file to minimize the risk of arbitrary code execution. Avoid using the vulnerable function with crafted XLS files until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.