CVE-2023-38852

Name of the Vulnerable Software and Affected Versions libxlsv version 1.6.2

Description The issue allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted XLS file to the unicode decode wcstombs function in xlstool.c:266. This can lead to the execution of arbitrary code, resulting in a denial of service.

Recommendations For libxlsv version 1.6.2, consider disabling the unicode decode wcstombs function until a patch is available to prevent the execution of arbitrary code. Restrict access to the xlstool.c module to minimize the risk of exploitation. Avoid using the affected function with crafted XLS files until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.