Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
xlnt-community xlnt XLSX File compound_document.cpp xsgetn out-of-bounds
Vulnerability Description
A vulnerability was found in xlnt-community xlnt up to 1.6.1. This issue affects the function xlnt::detail::compound_document_istreambuf::xsgetn of the file source/detail/cryptography/compound_document.cpp of the component XLSX File Parser. Performing a manipulation results in out-of-bounds read. The attack is only possible with local access. The exploit has been made public and could be used. The patch is named 147. It is recommended to apply a patch to fix this issue.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Vulnerability Type
跨界内存读
Vulnerability Title
xlnt 缓冲区错误漏洞
Vulnerability Description
xlnt是xlnt-community开源的一个C++语言库。 xlnt 1.6.1及之前版本存在缓冲区错误漏洞,该漏洞源于对文件source/detail/cryptography/compound_document.cpp中函数xsgetn的错误操作,可能导致越界读取。
CVSS Information
N/A
Vulnerability Type
N/A