{ "affected": [ { "ranges": [ { "database_specific": { "versions": [ { "introduced": "0" }, { "last_affected": "1.6.1" } ] }, "events": [ { "introduced": "0" }, { "last_affected": "3b25b084eab473bb6009b8e3d03ba5ff10bb4891" } ], "repo": "https://github.com/xlnt-community/xlnt", "type": "GIT" } ] } ], "details": "A weakness has been identified in xlnt-community xlnt up to 1.6.1. Impacted is the function xlnt::detail::binary_writer::append of the file source/detail/binary.hpp of the component Compound Document Parser. This manipulation causes heap-based buffer overflow. The attack can only be executed locally. The exploit has been made available to the public and could be used for attacks. Patch name: 147. It is suggested to install a patch to address this issue.", "id": "CVE-2026-3463", "modified": "2026-03-14T13:50:47.654677546Z", "published": "2026-03-03T12:16:06.880Z", "references": [ { "type": "WEB", "url": "https://github.com/xlnt-community/xlnt/" }, { "type": "ADVISORY", "url": "https://vuldb.com/?id.348530" }, { "type": "ADVISORY", "url": "https://vuldb.com/?submit.764643" }, { "type": "REPORT", "url": "https://github.com/xlnt-community/xlnt/issues/138" }, { "type": "REPORT", "url": "https://github.com/xlnt-community/xlnt/issues/138#issuecomment-3868381672" }, { "type": "REPORT", "url": "https://github.com/xlnt-community/xlnt/pull/147" }, { "type": "REPORT", "url": "https://vuldb.com/?ctiid.348530" }, { "type": "EVIDENCE", "url": "https://github.com/oneafter/0128/blob/main/xl2/repro" } ], "severity": [ { "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "type": "CVSS_V3" } ] }