By vendor
Libxls_project vulnerabilities
Known CVEs affecting Libxls_project products, prioritized by severity, with SEC.co remediation and detection guidance.
2 published vulnerabilities
- CVE-2026-26824MEDIUM 6.5
libxls, a widely-used library for reading Microsoft Excel files, has a memory safety issue that could allow an attacker to crash applications or potentially leak sensitive information. The vulnerability exists in how the library initializes internal data structures when parsing Excel file containers. An attacker who crafts a malicious Excel file and tricks a user or application into opening it could trigger the vulnerability. This is a moderate-severity issue affecting the library through version 1.6.3.
- CVE-2026-26825MEDIUM 5.3
A use-of-uninitialized memory vulnerability in libxls 1.6.3 allows attackers to craft malformed XLS files that trigger memory safety issues during file parsing. When the library processes these files, uninitialized heap memory from the OLE (Object Linking and Embedding) layer may be read, leading to unpredictable behavior, incorrect file interpretation, or disclosure of sensitive data from memory. This does not require authentication and affects any application using the vulnerable library to open untrusted XLS files.