Medium severity5.3NVD Advisory· Published Jun 3, 2026· Updated Jun 8, 2026
CVE-2026-26825
CVE-2026-26825
Description
A use-of-uninitialized memory vulnerability exists in libxls 1.6.3 when parsing malformed XLS files. The issue is reachable via xls_parseWorkBook() and is triggered by uninitialized heap memory originating from the OLE layer (ole2_read). The flaw is detectable with MemorySanitizer (MSAN) and can lead to undefined behavior, incorrect parsing logic, or potential information disclosure.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3Patches
Vulnerability mechanics
References
1- github.com/libxls/libxls/issues/156nvdExploitIssue Tracking
News mentions
0No linked articles in our index yet.