oss-sec mailing list archives

CVE-2024-22368: Spreadsheet::ParseXLSX for Perl is vulnerable to DoS via out-of-memory bugs


From: Stig Palmquist <stig () stig io>
Date: Wed, 10 Jan 2024 14:08:36 +0000

Hi,

Đình Hải Lê discovered that the Perl module Spreadsheet::ParseXLSX 0.27 (and earlier) is vulnerable to a denial of service attack via out-of-memory bugs when parsing a crafted XLSX file.

Users are advised to upgrade to 0.28 or later.

Fixed Version:
https://metacpan.org/release/NUDDLEGG/Spreadsheet-ParseXLSX-0.28

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22368
https://github.com/haile01/perl_spreadsheet_excel_rce_poc/blob/main/parse_xlsx_bomb.md

Best,
Stig
