PT-2023-26634 · Libxls+1 · Libxls+1

Mondaylord

Published

2023-08-15

Updated

2023-08-19

CVE-2023-38853

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions libxls version 1.6.2

Description The issue allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted XLS file to the xls parseWorkBook function in xls.c:1015. This can lead to the execution of arbitrary code and denial of service.

Recommendations For libxls version 1.6.2, consider disabling the xls parseWorkBook function until a patch is available to prevent exploitation. Restrict access to the xls.c file to minimize the risk of exploitation. Avoid using the xls parseWorkBook function with crafted XLS files until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787

Related Identifiers

CVE-2023-38853

Affected Products

Debian

Libxls

PT-2023-26634 · Libxls+1 · Libxls+1

CVE-2023-38853

Weakness Enumeration

Related Identifiers

Affected Products

References · 11