CVE-2023-38856

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published: Aug 15, 2023
Updated: Aug 19, 2023
CWE ID: CWE-787 (Out-of-bounds Write)

Summary

CVE-2023-38856 is a buffer overflow (CWE-787, out-of-bounds write) in libxls version 1.6.2, the C library for reading Excel .xls files (the CVE text spells the project name "libxlsv"). The flaw is in the get_string function in xlstool.c at line 411: a size value that the attacker controls through the contents of the XLS file drives how much data is copied, and the function does not validate it against the space actually available, so a maliciously crafted XLS file can write past the end of a buffer. A remote attacker who can get a vulnerable application to parse such a file can cause a denial of service (crash) and potentially execute arbitrary code. Because libxls is a library, the exposure is in every application or service that uses it to parse XLS files from untrusted sources, such as upload handlers and document converters. Users are advised to update to a patched version of libxls; until then, treat XLS parsing with libxls 1.6.2 as unsafe on untrusted input and isolate it (separate process, sandbox, minimal privileges) where it cannot be avoided.
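As an added illustration (not libxls's own code and not the actual body of get_string), the following C program contrasts the bug class described above, a file-supplied length that is trusted when copying string data into a fixed buffer, with a checked version that rejects the record. The record layout, the function names get_string_unchecked and get_string_checked, and the sample records are all constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/* Constructed record layout for this example (not libxls's real BIFF
 * parsing): a 2-byte little-endian character count followed by that many
 * bytes of 8-bit string data. */

static uint16_t read_u16le(const uint8_t *p)
{
    return (uint16_t)(p[0] | ((uint16_t)p[1] << 8));
}

/* Vulnerable pattern (CWE-787): the count is taken from the file and drives
 * the copy into a fixed-size destination with no check against either the
 * destination size or the bytes remaining in the record. A crafted record
 * with a large count writes past dst. Never call this on untrusted input. */
size_t get_string_unchecked(const uint8_t *rec, char *dst)
{
    uint16_t len = read_u16le(rec);        /* attacker controlled */
    memcpy(dst, rec + 2, len);             /* out-of-bounds write if len >= dst size */
    dst[len] = '\0';
    return len;
}

/* Hardened pattern: reject the record unless the declared count fits both
 * the bytes actually present and the destination buffer. Returns the string
 * length on success, or (size_t)-1 on a malformed record. */
size_t get_string_checked(const uint8_t *rec, size_t reclen,
                          char *dst, size_t dstsize)
{
    if (rec == NULL || dst == NULL || reclen < 2 || dstsize == 0)
        return (size_t)-1;
    uint16_t len = read_u16le(rec);
    if ((size_t)len > reclen - 2)          /* count exceeds record payload */
        return (size_t)-1;
    if ((size_t)len >= dstsize)            /* no room for data plus NUL */
        return (size_t)-1;
    memcpy(dst, rec + 2, len);
    dst[len] = '\0';
    return len;
}

int main(void)
{
    /* Constructed well-formed record: count 5, "hello". */
    const uint8_t good[] = { 0x05, 0x00, 'h', 'e', 'l', 'l', 'o' };
    /* Constructed malicious record: count 0xFFFF but only 3 payload bytes. */
    const uint8_t bad[]  = { 0xFF, 0xFF, 'A', 'B', 'C' };
    char buf[16];

    if (get_string_checked(good, sizeof good, buf, sizeof buf) != (size_t)-1)
        printf("good record: \"%s\"\n", buf);
    if (get_string_checked(bad, sizeof bad, buf, sizeof buf) == (size_t)-1)
        printf("bad record: rejected (declared %u bytes, %zu present)\n",
               read_u16le(bad), sizeof bad - 2);
    /* get_string_unchecked(bad, buf) would write roughly 64 KiB past buf. */
    return 0;
}
```

The two checks in get_string_checked are the ones a reviewer should look for in any record parser: the declared length must be bounded by what the file actually contains, and separately by the destination buffer. Checking only one of them leaves either an over-read or an overflow.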

