CVE-2024-48877

A memory corruption vulnerability exists in the Shared String Table Record Parser implementation in xls2csv utility version 0.95. A specially crafted malformed file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.

CVSS v3 8.4 HIGH

8.4^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.5 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://talosintelligence.com/vulnerability_reports/TALOS-2024-2128	Exploit Third Party Advisory
https://lists.debian.org/debian-lts-announce/2025/06/msg00032.html
https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-2128	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:wagner:xls2csv:0.95:*:*:*:*:*:*:*

History

No history.

Information

Published : 2025-06-02 15:15

Updated : 2025-11-03 20:16

NVD link : CVE-2024-48877

Mitre link : CVE-2024-48877

CVE.ORG link : CVE-2024-48877

JSON object : View

Products Affected

wagner

xls2csv

CWE

CWE-680

Integer Overflow to Buffer Overflow

CWE-787

Out-of-bounds Write

{"id": "CVE-2024-48877", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "talos-cna@cisco.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.4, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.5}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2025-06-02T15:15:32.200", "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-2128", "tags": ["Exploit", "Third Party Advisory"], "source": "talos-cna@cisco.com"}, {"url": "https://lists.debian.org/debian-lts-announce/2025/06/msg00032.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-2128", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "talos-cna@cisco.com", "description": [{"lang": "en", "value": "CWE-680"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-787"}]}], "descriptions": [{"lang": "en", "value": "A memory corruption vulnerability exists in the Shared String Table Record Parser implementation in xls2csv utility version 0.95. A specially crafted malformed file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability."}, {"lang": "es", "value": "Existe una vulnerabilidad de corrupci\u00f3n de memoria en la implementaci\u00f3n del analizador de registros de tabla de cadenas compartidas de la utilidad xls2csv versi\u00f3n 0.95. Un archivo malformado especialmente manipulado puede provocar un desbordamiento del b\u00fafer del mont\u00f3n. Un atacante puede proporcionar un archivo malicioso para activar esta vulnerabilidad."}], "lastModified": "2025-11-03T20:16:34.250", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:wagner:xls2csv:0.95:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A7B58BAA-3F49-4B3E-8310-78427C2A635E"}], "operator": "OR"}]}], "sourceIdentifier": "talos-cna@cisco.com"}