CVE-2026-3463 | xlnt-community xlnt up to 1.6.1 Compound Document Parser source/detail/binary.hpp append heap-based overflow (Issue 138 / ID 147)

Inserito da Angelo Barbosa | Mar 3, 2026 | CVE

A vulnerability classified as problematic has been found in xlnt-community xlnt up to 1.6.1. Impacted is the function xlnt::detail::binary_writer::append of the file source/detail/binary.hpp of the component Compound Document Parser. This manipulation causes heap-based buffer overflow.

The identification of this vulnerability is CVE-2026-3463. The attack can only be executed locally. Furthermore, there is an exploit available.

It is suggested to install a patch to address this issue.

CVE-2026-3463 | xlnt-community xlnt up to 1.6.1 Compound Document Parser source/detail/binary.hpp append heap-based overflow (Issue 138 / ID 147)

Post correlati

CVE-2025-6166 | frdel Agent-Zero up to 0.8.4 /python/api/image_get.py image_get path path traversal (Issue 383)

CVE-2025-48995 | XML-Security signxml up to 4.0.3 timing discrepancy (GHSA-gmhf-gg8w-jw42)

CVE-2025-5404 | chaitak-gorai Blogbook up to 92f5cf90f8a7e6566b576fe0952e14e1c6736513 GET Parameter /search.php Search denial of service

CVE-2023-48312 | capsule-proxy up to 0.4.5 TokenReview improper authentication