CVE-2023-34795: brechtsanders/xlsxio@d653f16
xlsxio v0.1.2 to v0.2.34 was discovered to contain a free of uninitialized pointer in the xlsxioread_sheetlist_close() function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted XLSX file.
@@ -1410,6 +1410,7 @@ DLL_EXPORT_XLSXIO xlsxioreadersheetlist xlsxioread_sheetlist_open (xlsxioreader
result->sheetcallbackdata.xmlparser = NULL;
result->sheetcallbackdata.callback = xlsxioread_list_sheets_resumable_callback;
result->sheetcallbackdata.callbackdata = result;
result->xmlparser = NULL;
result->nextsheetname = NULL;
if ((result->zipfile = XML_Char_openzip(handle->zip, mainsheetfile, 0)) != NULL) {
result->xmlparser = expat_process_zip_file_suspendable(result->zipfile, main_sheet_list_expat_callback_element_start, NULL, NULL, &result->sheetcallbackdata);
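Review bot: initialising members one at a time in xlsxioread_sheetlist_open() (`result->xmlparser = NULL;`, `result->nextsheetname = NULL;`) leaves the same gap open for any member added later, and a pointer left unset here is what xlsxioread_sheetlist_close() would end up freeing. The allocation of `result` is outside the visible lines; if it is a plain malloc, consider zeroing the whole structure there (calloc or memset) and keeping these assignments only as documentation. The branch taken when `XML_Char_openzip()` returns NULL is also not shown, so please confirm that the close function tolerates `result->zipfile == NULL` and `result->xmlparser == NULL`, and add a regression test that opens a workbook without a readable main sheet file and then calls close. The +/- markers were not preserved in this rendering, so it is not visible which of the assignments is the added line.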