CVE-2024-22368

Published January 9th, 2024

View on NVD ↗

CVSS v3

5.5

MEDIUM

CVSS v2

N/A

Affected

PROJECT

Description

The Spreadsheet::ParseXLSX package before 0.28 for Perl can encounter an out-of-memory condition during parsing of a crafted XLSX document. This occurs because the memoize implementation does not have appropriate constraints on merged cells.

haile01/perl_spreadsheet_excel_rce_poc

POC for RCE vulnerability in ParseExcel library, and ParseXLSX too, as a depending library

GitHub