GHSA-48jr-3rh3-95w6MediumCVSS 5.3

A use-of-uninitialized memory vulnerability exists in libxls 1.6.3 when parsing malformed XLS...

Published
June 3, 2026
Last Modified
June 4, 2026

🔗 CVE IDs covered (1)

📋 Description

A use-of-uninitialized memory vulnerability exists in libxls 1.6.3 when parsing malformed XLS files. The issue is reachable via xls_parseWorkBook() and is triggered by uninitialized heap memory originating from the OLE layer (ole2_read). The flaw is detectable with MemorySanitizer (MSAN) and can lead to undefined behavior, incorrect parsing logic, or potential information disclosure.

🔗 References (3)