oss-sec mailing list archives
CVE-2024-22368: Spreadsheet::ParseXLSX for Perl is vulnerable to DoS via out-of-memory bugs
From: Stig Palmquist <stig () stig io>
Date: Wed, 10 Jan 2024 14:08:36 +0000
Hi,

Đình Hải Lê discovered that the Perl module Spreadsheet::ParseXLSX 0.27 (and earlier) is vulnerable to a denial of service attack via out-of-memory bugs when parsing a crafted XLSX file.

Users are advised to upgrade to 0.28 or later.

Fixed Version:
https://metacpan.org/release/NUDDLEGG/Spreadsheet-ParseXLSX-0.28

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22368
https://github.com/haile01/perl_spreadsheet_excel_rce_poc/blob/main/parse_xlsx_bomb.md

Best,
Stig