CVE-2023-38854
CVSS 3.1 Score 6.5 of 10 (medium)
Details
Published Aug 15, 2023
Updated: Aug 19, 2023
CWE ID 787
Summary
CVE-2023-38854 is a buffer overflow vulnerability affecting libxls version 1.6.2. The flaw is in the transcode_latin1_to_utf8 function at line 296 of xlstool.c and is triggered by a maliciously crafted XLS file. Successful exploitation allows an attacker to execute arbitrary code and cause a denial of service. This vulnerability poses a significant security risk and requires immediate attention from users and administrators, who should update their libxls packages to a patched version as soon as possible.