CVE-2023-34795: xlsxio v0.1.2 to v0.2.34 was discovered to contain a free of uninitialized pointer in the xlsxioread_sheetlist_close() function. This vulnerability...

Description

xlsxio v0.1.2 to v0.2.34 was discovered to contain a free of uninitialized pointer in the xlsxioread_sheetlist_close() function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted XLSX file.

Classification

CVE ID: CVE-2023-34795

Affected Products

Vendor: n/a

Product: n/a

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.1% (probability of being exploited)

EPSS Percentile: 42.86% (scored less or equal to compared to others)

EPSS Date: 2025-02-04 (when was this score calculated)

References

https://github.com/brechtsanders/xlsxio/issues/121
https://github.com/brechtsanders/xlsxio/commit/d653f1604b54532f11b45dca1fa164b4a1f15e2d
https://github.com/xf1les/cve-advisories/blob/main/2023/CVE-2023-34795.md

Timeline

2024-12-18 00:30:24 UTC
CVE

xlsxio v0.1.2 to v0.2.34 was discovered to contain a free of uninitialized pointer in the xlsxioread_sheetlist_close() function. This vulnerability...