CVE-2026-26824
EUVD-2026-3417803.06.2026, 20:16
libxls through version 1.6.3 contains a use of uninitialized memory vulnerability in the OLE container parser. Memory allocated for the Master Sector Allocation Table (MSAT) in read_MSAT() is not fully initialized before being consumed by ole2_validate_sector_chain(), which may result in application crashes or potential information disclosure when processing a crafted XLS fileEnginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| libxls_project | libxls | 𝑥 ≤ 1.6.3 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration