VYPR
Medium severity5.3NVD Advisory· Published Jun 3, 2026· Updated Jun 8, 2026

CVE-2026-26825

CVE-2026-26825

Description

A use-of-uninitialized memory vulnerability exists in libxls 1.6.3 when parsing malformed XLS files. The issue is reachable via xls_parseWorkBook() and is triggered by uninitialized heap memory originating from the OLE layer (ole2_read). The flaw is detectable with MemorySanitizer (MSAN) and can lead to undefined behavior, incorrect parsing logic, or potential information disclosure.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

3
  • Libxls/Libxlsreferences3 versions
    (expand)+ 2 more
    • (no CPE)
    • cpe:2.3:a:libxls_project:libxls:1.6.3:*:*:*:*:*:*:*
    • (no CPE)range: <1.6.3

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.