CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Libxls Project: >> Libxls >> 1.6.3 Security Vulnerabilities

CVE-2026-26825

A use-of-uninitialized memory vulnerability exists in libxls 1.6.3 when parsing malformed XLS files. The issue is reachable via xls_parseWorkBook() and is triggered by uninitialized heap memory originating from the OLE layer (ole2_read). The flaw is detectable with MemorySanitizer (MSAN) and can lead to undefined behavior, incorrect parsing logic, or potential information disclosure.

CVSS Score

5.3

EPSS Score

0.002

Published

2026-06-03

Page 1

Vulnerabilities

Vulnerable Software

Libxls Project: >> Libxls >> 1.6.3 Security Vulnerabilities

Products

Pricing

Contact Us