Description
A weakness has been identified in xlnt-community xlnt up to 1.6.1. Impacted is the function xlnt::detail::binary_writer::append of the file source/detail/binary.hpp of the component Compound Document Parser. This manipulation causes heap-based buffer overflow. The attack can only be executed locally. The exploit has been made available to the public and could be used for attacks. Patch name: 147. It is suggested to install a patch to address this issue.
Published: 2026-03-03
Score: 4.8 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Heap-based Buffer Overflow
Action: Apply Patch
AI Analysis

Impact

The xlnt-community library contains a heap‑based buffer overflow in the binary_writer::append function, part of its Compound Document Parser. When processing a specially crafted compound document file, the function writes beyond the bounds of a heap buffer, potentially corrupting adjacent memory and causing application crashes or other memory corruption. The flaw requires local execution, meaning that an attacker must be able to run code in the same context that loads the document. While the CVE description does not explicitly state arbitrary code execution, the availability of a publicly released exploit suggests that attackers could potentially use the overflow to perform local attacks. The weakness maps to CWEs 119 and 122.

Affected Systems

The vulnerability affects all versions of the xlnt library up to and including 1.6.1 distributed by xlnt‑community. Any application that incorporates these versions and processes compound document files is susceptible. No other products or library versions are documented as vulnerable.

Risk and Exploitability

The CVSS score of 4.8 indicates moderate risk, and the EPSS score of less than 1% shows a low likelihood of exploitation in practice. The flaw requires local execution; an attacker must have code running in the same context that loads a compound document, or the user must be coerced into opening a malicious file. Although no widely confirmed exploitation has been reported, publicly available proof‑of‑concept code exists, underscoring the importance of applying the fix promptly.

Generated by OpenCVE AI on April 18, 2026 at 10:05 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the patch released in PR #147, which corrects the bounds check in xlnt::detail::binary_writer::append.
  • Update the xlnt library to the latest release that incorporates this correction.
  • Until a newer release is available, restrict handling of compound document files to trusted sources or disable the feature within the application.

Generated by OpenCVE AI on April 18, 2026 at 10:05 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 10 Mar 2026 20:30:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:xlnt-community:xlnt:*:*:*:*:*:*:*:*

Wed, 04 Mar 2026 15:00:00 +0000

Type Values Removed Values Added
First Time appeared Xlnt-community
Xlnt-community xlnt
Vendors & Products Xlnt-community
Xlnt-community xlnt

Tue, 03 Mar 2026 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 03 Mar 2026 12:15:00 +0000

Type Values Removed Values Added
Description A weakness has been identified in xlnt-community xlnt up to 1.6.1. Impacted is the function xlnt::detail::binary_writer::append of the file source/detail/binary.hpp of the component Compound Document Parser. This manipulation causes heap-based buffer overflow. The attack can only be executed locally. The exploit has been made available to the public and could be used for attacks. Patch name: 147. It is suggested to install a patch to address this issue.
Title xlnt-community xlnt Compound Document binary.hpp append heap-based overflow
Weaknesses CWE-119
CWE-122
References
Metrics cvssV2_0

{'score': 1.7, 'vector': 'AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C'}

cvssV3_0

{'score': 3.3, 'vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C'}

cvssV3_1

{'score': 3.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C'}

cvssV4_0

{'score': 4.8, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P'}

Subscriptions

Xlnt-community Xlnt
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-03-03T14:48:28.075Z

Reserved: 2026-03-03T06:03:44.804Z

Link: CVE-2026-3463

cve-icon Vulnrichment

Updated: 2026-03-03T14:48:08.016Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-03T12:16:06.880

Modified: 2026-03-10T20:29:01.577

Link: CVE-2026-3463

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-18T10:15:25Z

Weaknesses