Le Dinh Hai discovered that Spreadsheet:
arseXLSX did not properly manage memory during cell merge operations. An attacker could possibly use this issue to consume large amounts of memory, resulting in a denial of service condition. (CVE-2024-22368) An Pham discovered that Spreadsheet:arseXLSX allowed the processing of external entities in a default configuration. An attacker could possibly use this vulnerability to execute an XML External Entity (XXE) injection attack. (CVE-2024-23525)
Continue reading...
arseXLSX did not properly manage memory during cell merge operations. An attacker could possibly use this issue to consume large amounts of memory, resulting in a denial of service condition. (CVE-2024-22368) An Pham discovered that Spreadsheet:arseXLSX allowed the processing of external entities in a default configuration. An attacker could possibly use this vulnerability to execute an XML External Entity (XXE) injection attack. (CVE-2024-23525)Continue reading...
