Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
xlnt-community xlnt Encrypted XLSX File base64.cpp decode_base64 off-by-one
Vulnerability Description
A weakness has been identified in xlnt-community xlnt up to 1.6.1. Impacted is the function xlnt::detail::decode_base64 of the file source/detail/cryptography/base64.cpp of the component Encrypted XLSX File Parser. Executing a manipulation can lead to off-by-one. The attack requires local access. The exploit has been made available to the public and could be used for attacks. This patch is called f2d7bf494e5c52706843cf7eb9892821bffb0734. Applying a patch is advised to resolve this issue.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Vulnerability Type
Off-by-one错误
Vulnerability Title
xlnt 安全漏洞
Vulnerability Description
xlnt是xlnt-community开源的一个C++语言库。 xlnt 1.6.1及之前版本存在安全漏洞,该漏洞源于文件source/detail/cryptography/base64.cpp中函数xlnt::detail::decode_base64存在差一错误。
CVSS Information
N/A
Vulnerability Type
N/A