Memory Corruption Vulnerability in xls2csv Utility by Talos
CVE-2024-48877

8.4HIGH

Key Information:

Vendor: Xls2csv
Status: Xls2csv
Vendor: CVE Published:; 2 June 2025

What is CVE-2024-48877?

A memory corruption vulnerability has been identified in the Shared String Table Record Parser of xls2csv utility version 0.95. The flaw arises from improper handling of specially crafted files, allowing a heap buffer overflow when the utility processes malformed input. An attacker exploiting this vulnerability can potentially execute arbitrary code by supplying a malicious file, posing a significant risk to systems using this software.

Affected Version(s)

xls2csv 0.95

References

https://talosintelligence.com/vulnerability_reports/TALOS...

CVSS V3.1

Score:

8.4

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 2, 2025
Vulnerability Reserved
Dec 11, 2024

Credit

Discovered by a member of Cisco Talos.

Xls2csv

What is CVE-2024-48877?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit