Loading market data...
← Back to CVE feed

CVE-2026-26825

UNKNOWN View on NVD ↗

Description

A use-of-uninitialized memory vulnerability exists in libxls 1.6.3 when parsing malformed XLS files. The issue is reachable via xls_parseWorkBook() and is triggered by uninitialized heap memory originating from the OLE layer (ole2_read). The flaw is detectable with MemorySanitizer (MSAN) and can lead to undefined behavior, incorrect parsing logic, or potential information disclosure.

Published: Jun 03, 2026 20:16 UTC Modified: Jun 04, 2026 15:48 UTC