CVE-2023-38852
CVSS 3.1 Score 6.5 of 10 (medium)
Details
Published Aug 15, 2023
Updated: Feb 27, 2024
CWE ID 787
Summary
CVE-2023-38852 is a newly identified buffer overflow vulnerability that affects libxls version 1.6.2. A remote attacker can exploit it by crafting a malicious XLS file. The vulnerability resides in the unicode_decode_wcstombs function in xlstool.c at line 266. A specially crafted file can cause a buffer overflow, leading to arbitrary code execution and potential denial of service. Users of libxls are urged to update to the latest version to mitigate this risk.