CVE-2026-26825
EUVD-2026-3417903.06.2026, 20:16
A use-of-uninitialized memory vulnerability exists in libxls 1.6.3 when parsing malformed XLS files. The issue is reachable via xls_parseWorkBook() and is triggered by uninitialized heap memory originating from the OLE layer (ole2_read). The flaw is detectable with MemorySanitizer (MSAN) and can lead to undefined behavior, incorrect parsing logic, or potential information disclosure.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| libxls_project | libxls | 1.6.3 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration