Search criteria
5 vulnerabilities by xlnt-community
CVE-2026-3665 (GCVE-0-2026-3665)
Vulnerability from cvelistv5 – Published: 2026-03-07 15:32 – Updated: 2026-03-11 16:29
VLAI
Title
xlnt-community xlnt XLSX File xlsx_consumer.cpp read_office_document null pointer dereference
Summary
A vulnerability was identified in xlnt-community xlnt up to 1.6.1. The affected element is the function xlnt::detail::xlsx_consumer::read_office_document of the file source/detail/serialization/xlsx_consumer.cpp of the component XLSX File Parser. The manipulation leads to null pointer dereference. The attack must be carried out locally. The exploit is publicly available and might be used.
Severity
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.349554 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.349554 | signaturepermissions-required |
| https://vuldb.com/?submit.764647 | third-party-advisory |
| https://github.com/xlnt-community/xlnt/issues/140 | issue-tracking |
| https://github.com/oneafter/0128/blob/main/xl4/repro | exploit |
| https://github.com/xlnt-community/xlnt/ | product |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| xlnt-community | xlnt |
Affected:
1.6.0
Affected: 1.6.1 |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-3665",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-11T16:14:26.493656Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-11T16:29:12.576Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"XLSX File Parser"
],
"product": "xlnt",
"vendor": "xlnt-community",
"versions": [
{
"status": "affected",
"version": "1.6.0"
},
{
"status": "affected",
"version": "1.6.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Oneafter (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was identified in xlnt-community xlnt up to 1.6.1. The affected element is the function xlnt::detail::xlsx_consumer::read_office_document of the file source/detail/serialization/xlsx_consumer.cpp of the component XLSX File Parser. The manipulation leads to null pointer dereference. The attack must be carried out locally. The exploit is publicly available and might be used."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 1.7,
"vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-404",
"description": "Denial of Service",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-07T15:32:08.520Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-349554 | xlnt-community xlnt XLSX File xlsx_consumer.cpp read_office_document null pointer dereference",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.349554"
},
{
"name": "VDB-349554 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.349554"
},
{
"name": "Submit #764647 | xlnt-community xlnt commit bceb706 and before NULL Pointer Dereference",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.764647"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/xlnt-community/xlnt/issues/140"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/oneafter/0128/blob/main/xl4/repro"
},
{
"tags": [
"product"
],
"url": "https://github.com/xlnt-community/xlnt/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-03-06T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-03-06T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-03-06T21:39:55.000Z",
"value": "VulDB entry last update"
}
],
"title": "xlnt-community xlnt XLSX File xlsx_consumer.cpp read_office_document null pointer dereference"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-3665",
"datePublished": "2026-03-07T15:32:08.520Z",
"dateReserved": "2026-03-06T20:34:47.839Z",
"dateUpdated": "2026-03-11T16:29:12.576Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-3664 (GCVE-0-2026-3664)
Vulnerability from cvelistv5 – Published: 2026-03-07 14:32 – Updated: 2026-03-11 16:29
VLAI
Title
xlnt-community xlnt Encrypted XLSX File compound_document.cpp read_directory out-of-bounds
Summary
A vulnerability was determined in xlnt-community xlnt up to 1.6.1. Impacted is the function xlnt::detail::compound_document::read_directory of the file source/detail/cryptography/compound_document.cpp of the component Encrypted XLSX File Parser. Executing a manipulation can lead to out-of-bounds read. The attack is restricted to local execution. The exploit has been publicly disclosed and may be utilized. This patch is called 147. Applying a patch is advised to resolve this issue.
Severity
Assigner
References
7 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.349553 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.349553 | signaturepermissions-required |
| https://vuldb.com/?submit.764646 | third-party-advisory |
| https://github.com/xlnt-community/xlnt/issues/141 | issue-tracking |
| https://github.com/oneafter/0128/blob/main/xl5/repro | exploit |
| https://github.com/xlnt-community/xlnt/pull/147 | issue-trackingpatch |
| https://github.com/xlnt-community/xlnt/ | product |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| xlnt-community | xlnt |
Affected:
1.6.0
Affected: 1.6.1 |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-3664",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-11T16:14:47.381463Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-11T16:29:17.998Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Encrypted XLSX File Parser"
],
"product": "xlnt",
"vendor": "xlnt-community",
"versions": [
{
"status": "affected",
"version": "1.6.0"
},
{
"status": "affected",
"version": "1.6.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Oneafter (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was determined in xlnt-community xlnt up to 1.6.1. Impacted is the function xlnt::detail::compound_document::read_directory of the file source/detail/cryptography/compound_document.cpp of the component Encrypted XLSX File Parser. Executing a manipulation can lead to out-of-bounds read. The attack is restricted to local execution. The exploit has been publicly disclosed and may be utilized. This patch is called 147. Applying a patch is advised to resolve this issue."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 1.7,
"vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "Out-of-Bounds Read",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-07T14:32:12.856Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-349553 | xlnt-community xlnt Encrypted XLSX File compound_document.cpp read_directory out-of-bounds",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.349553"
},
{
"name": "VDB-349553 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.349553"
},
{
"name": "Submit #764646 | xlnt-community xlnt commit bceb706 and before Memory Corruption",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.764646"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/xlnt-community/xlnt/issues/141"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/oneafter/0128/blob/main/xl5/repro"
},
{
"tags": [
"issue-tracking",
"patch"
],
"url": "https://github.com/xlnt-community/xlnt/pull/147"
},
{
"tags": [
"product"
],
"url": "https://github.com/xlnt-community/xlnt/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-03-06T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-03-06T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-03-06T21:39:54.000Z",
"value": "VulDB entry last update"
}
],
"title": "xlnt-community xlnt Encrypted XLSX File compound_document.cpp read_directory out-of-bounds"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-3664",
"datePublished": "2026-03-07T14:32:12.856Z",
"dateReserved": "2026-03-06T20:34:45.441Z",
"dateUpdated": "2026-03-11T16:29:17.998Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-3663 (GCVE-0-2026-3663)
Vulnerability from cvelistv5 – Published: 2026-03-07 14:32 – Updated: 2026-03-11 16:29
VLAI
Title
xlnt-community xlnt XLSX File compound_document.cpp xsgetn out-of-bounds
Summary
A vulnerability was found in xlnt-community xlnt up to 1.6.1. This issue affects the function xlnt::detail::compound_document_istreambuf::xsgetn of the file source/detail/cryptography/compound_document.cpp of the component XLSX File Parser. Performing a manipulation results in out-of-bounds read. The attack is only possible with local access. The exploit has been made public and could be used. The patch is named 147. It is recommended to apply a patch to fix this issue.
Severity
Assigner
References
7 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.349552 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.349552 | signaturepermissions-required |
| https://vuldb.com/?submit.764644 | third-party-advisory |
| https://github.com/xlnt-community/xlnt/issues/139 | issue-tracking |
| https://github.com/oneafter/0128/blob/main/xl3/repro | exploit |
| https://github.com/xlnt-community/xlnt/pull/147 | issue-trackingpatch |
| https://github.com/xlnt-community/xlnt/ | product |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| xlnt-community | xlnt |
Affected:
1.6.0
Affected: 1.6.1 |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-3663",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-11T16:15:09.537284Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-11T16:29:23.238Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"XLSX File Parser"
],
"product": "xlnt",
"vendor": "xlnt-community",
"versions": [
{
"status": "affected",
"version": "1.6.0"
},
{
"status": "affected",
"version": "1.6.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Oneafter (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in xlnt-community xlnt up to 1.6.1. This issue affects the function xlnt::detail::compound_document_istreambuf::xsgetn of the file source/detail/cryptography/compound_document.cpp of the component XLSX File Parser. Performing a manipulation results in out-of-bounds read. The attack is only possible with local access. The exploit has been made public and could be used. The patch is named 147. It is recommended to apply a patch to fix this issue."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 1.7,
"vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "Out-of-Bounds Read",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-07T14:32:09.897Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-349552 | xlnt-community xlnt XLSX File compound_document.cpp xsgetn out-of-bounds",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.349552"
},
{
"name": "VDB-349552 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.349552"
},
{
"name": "Submit #764644 | xlnt-community xlnt commit bceb706 and before Heap-based Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.764644"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/xlnt-community/xlnt/issues/139"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/oneafter/0128/blob/main/xl3/repro"
},
{
"tags": [
"issue-tracking",
"patch"
],
"url": "https://github.com/xlnt-community/xlnt/pull/147"
},
{
"tags": [
"product"
],
"url": "https://github.com/xlnt-community/xlnt/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-03-06T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-03-06T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-03-06T21:39:52.000Z",
"value": "VulDB entry last update"
}
],
"title": "xlnt-community xlnt XLSX File compound_document.cpp xsgetn out-of-bounds"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-3663",
"datePublished": "2026-03-07T14:32:09.897Z",
"dateReserved": "2026-03-06T20:34:39.952Z",
"dateUpdated": "2026-03-11T16:29:23.238Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-3463 (GCVE-0-2026-3463)
Vulnerability from cvelistv5 – Published: 2026-03-03 12:02 – Updated: 2026-03-03 14:48
VLAI
Title
xlnt-community xlnt Compound Document binary.hpp append heap-based overflow
Summary
A weakness has been identified in xlnt-community xlnt up to 1.6.1. Impacted is the function xlnt::detail::binary_writer::append of the file source/detail/binary.hpp of the component Compound Document Parser. This manipulation causes heap-based buffer overflow. The attack can only be executed locally. The exploit has been made available to the public and could be used for attacks. Patch name: 147. It is suggested to install a patch to address this issue.
Severity
Assigner
References
8 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.348530 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.348530 | signaturepermissions-required |
| https://vuldb.com/?submit.764643 | third-party-advisory |
| https://github.com/xlnt-community/xlnt/issues/138 | issue-tracking |
| https://github.com/xlnt-community/xlnt/issues/138… | issue-tracking |
| https://github.com/oneafter/0128/blob/main/xl2/repro | exploit |
| https://github.com/xlnt-community/xlnt/pull/147 | issue-trackingpatch |
| https://github.com/xlnt-community/xlnt/ | product |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| xlnt-community | xlnt |
Affected:
1.6.0
Affected: 1.6.1 |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-3463",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-03T14:47:46.086978Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-03T14:48:28.075Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Compound Document Parser"
],
"product": "xlnt",
"vendor": "xlnt-community",
"versions": [
{
"status": "affected",
"version": "1.6.0"
},
{
"status": "affected",
"version": "1.6.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Oneafter (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A weakness has been identified in xlnt-community xlnt up to 1.6.1. Impacted is the function xlnt::detail::binary_writer::append of the file source/detail/binary.hpp of the component Compound Document Parser. This manipulation causes heap-based buffer overflow. The attack can only be executed locally. The exploit has been made available to the public and could be used for attacks. Patch name: 147. It is suggested to install a patch to address this issue."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 1.7,
"vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-03T12:02:10.570Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-348530 | xlnt-community xlnt Compound Document binary.hpp append heap-based overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.348530"
},
{
"name": "VDB-348530 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.348530"
},
{
"name": "Submit #764643 | xlnt-community xlnt commit bceb706 and before Heap-based Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.764643"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/xlnt-community/xlnt/issues/138"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/xlnt-community/xlnt/issues/138#issuecomment-3868381672"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/oneafter/0128/blob/main/xl2/repro"
},
{
"tags": [
"issue-tracking",
"patch"
],
"url": "https://github.com/xlnt-community/xlnt/pull/147"
},
{
"tags": [
"product"
],
"url": "https://github.com/xlnt-community/xlnt/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-03-03T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-03-03T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-03-03T07:09:14.000Z",
"value": "VulDB entry last update"
}
],
"title": "xlnt-community xlnt Compound Document binary.hpp append heap-based overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-3463",
"datePublished": "2026-03-03T12:02:10.570Z",
"dateReserved": "2026-03-03T06:03:44.804Z",
"dateUpdated": "2026-03-03T14:48:28.075Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-2703 (GCVE-0-2026-2703)
Vulnerability from cvelistv5 – Published: 2026-02-19 04:02 – Updated: 2026-02-24 01:40 X_Open Source
VLAI
Title
xlnt-community xlnt Encrypted XLSX File base64.cpp decode_base64 off-by-one
Summary
A weakness has been identified in xlnt-community xlnt up to 1.6.1. Impacted is the function xlnt::detail::decode_base64 of the file source/detail/cryptography/base64.cpp of the component Encrypted XLSX File Parser. Executing a manipulation can lead to off-by-one. The attack requires local access. The exploit has been made available to the public and could be used for attacks. This patch is called f2d7bf494e5c52706843cf7eb9892821bffb0734. Applying a patch is advised to resolve this issue.
Severity
Assigner
References
7 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.346649 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.346649 | signaturepermissions-required |
| https://vuldb.com/?submit.754377 | third-party-advisory |
| https://github.com/xlnt-community/xlnt/issues/137 | issue-tracking |
| https://github.com/oneafter/0128/blob/main/xl1/repro | exploit |
| https://github.com/xlnt-community/xlnt/commit/f2d… | patch |
| https://github.com/xlnt-community/xlnt/ | product |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| xlnt-community | xlnt |
Affected:
1.6.0
Affected: 1.6.1 |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-2703",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-24T01:40:32.932647Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-24T01:40:43.838Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Encrypted XLSX File Parser"
],
"product": "xlnt",
"vendor": "xlnt-community",
"versions": [
{
"status": "affected",
"version": "1.6.0"
},
{
"status": "affected",
"version": "1.6.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Oneafter (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A weakness has been identified in xlnt-community xlnt up to 1.6.1. Impacted is the function xlnt::detail::decode_base64 of the file source/detail/cryptography/base64.cpp of the component Encrypted XLSX File Parser. Executing a manipulation can lead to off-by-one. The attack requires local access. The exploit has been made available to the public and could be used for attacks. This patch is called f2d7bf494e5c52706843cf7eb9892821bffb0734. Applying a patch is advised to resolve this issue."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 1.7,
"vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-193",
"description": "Off-by-One",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-189",
"description": "Numeric Error",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-23T10:28:34.926Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-346649 | xlnt-community xlnt Encrypted XLSX File base64.cpp decode_base64 off-by-one",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.346649"
},
{
"name": "VDB-346649 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.346649"
},
{
"name": "Submit #754377 | xlnt-community xlnt 5606f5b Heap-based Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.754377"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/xlnt-community/xlnt/issues/137"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/oneafter/0128/blob/main/xl1/repro"
},
{
"tags": [
"patch"
],
"url": "https://github.com/xlnt-community/xlnt/commit/f2d7bf494e5c52706843cf7eb9892821bffb0734"
},
{
"tags": [
"product"
],
"url": "https://github.com/xlnt-community/xlnt/"
}
],
"tags": [
"x_open-source"
],
"timeline": [
{
"lang": "en",
"time": "2026-02-18T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-02-18T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-02-18T19:04:11.000Z",
"value": "VulDB entry last update"
}
],
"title": "xlnt-community xlnt Encrypted XLSX File base64.cpp decode_base64 off-by-one"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-2703",
"datePublished": "2026-02-19T04:02:10.794Z",
"dateReserved": "2026-02-18T17:59:02.756Z",
"dateUpdated": "2026-02-24T01:40:43.838Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}