CVE-2026-26824

Name of the Vulnerable Software and Affected Versions libxls versions prior to 1.6.4

Description The OLE container parser contains an issue where memory allocated for the Master Sector Allocation Table (MSAT) in the read MSAT() function is not fully initialized before being used by the ole2 validate sector chain() function. This can lead to application crashes or potential information disclosure when the software processes a specially crafted XLS file.

Recommendations Update to a version newer than 1.6.3.