216.73.217.86

CVE-2024-48877

· Published 02/06/2025 15:15 · Modified 02/06/2025 17:32

Labels: CVE-2024-48877 2025-06-02CVE-2024-48877CWE-680[email protected]

Essential information

Published
02/06/2025 15:15
Modified
02/06/2025 17:32
Author
Creator
CVSS
8.4 HIGH (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS metrics

Description

A memory corruption vulnerability exists in the Shared String Table Record Parser implementation in xls2csv utility version 0.95. A specially crafted malformed file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
xis2 / xis2 cpe:2.3:a:xis2:xis2:0.95:*:*:*:*:*:*:*

References