Shodan
Vulnerabilities
Vulnerable Software
Libxls Project:  >> Libxls  >> 1.6.2  Security Vulnerabilities
CVE-2026-26824
libxls through version 1.6.3 contains a use of uninitialized memory vulnerability in the OLE container parser. Memory allocated for the Master Sector Allocation Table (MSAT) in read_MSAT() is not fully initialized before being consumed by ole2_validate_sector_chain(), which may result in application crashes or potential information disclosure when processing a crafted XLS file
CVSS Score
6.5
EPSS Score
0.002
Published
2026-06-03
CVE-2023-38854
Buffer Overflow vulnerability in libxlsv.1.6.2 allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted XLS file to the transcode_latin1_to_utf8 function in xlstool.c:296.
CVSS Score
6.5
EPSS Score
0.008
Published
2023-08-15
CVE-2023-38855
Buffer Overflow vulnerability in libxlsv.1.6.2 allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted XLS file to the get_string function in xlstool.c:395.
CVSS Score
6.5
EPSS Score
0.008
Published
2023-08-15
CVE-2023-38856
Buffer Overflow vulnerability in libxlsv.1.6.2 allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted XLS file to the get_string function in xlstool.c:411.
CVSS Score
6.5
EPSS Score
0.008
Published
2023-08-15
CVE-2023-38851
Buffer Overflow vulnerability in libxlsv.1.6.2 allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted XLS file to the xls_parseWorkBook function in xls.c:1018.
CVSS Score
6.5
EPSS Score
0.008
Published
2023-08-15
CVE-2023-38852
Buffer Overflow vulnerability in libxlsv.1.6.2 allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted XLS file to the unicode_decode_wcstombs function in xlstool.c:266.
CVSS Score
6.5
EPSS Score
0.012
Published
2023-08-15
CVE-2023-38853
Buffer Overflow vulnerability in libxlsv.1.6.2 allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted XLS file to the xls_parseWorkBook function in xls.c:1015.
CVSS Score
6.5
EPSS Score
0.008
Published
2023-08-15
CVE-2021-27836
An issue was discoverered in in function xls_getWorkSheet in xls.c in libxls 1.6.2, allows attackers to cause a denial of service, via a crafted XLS file.
CVSS Score
6.5
EPSS Score
0.011
Published
2021-11-03


Products
Pricing
Contact Us

Shodan ® - All rights reserved