{"id":"CVE-2023-34795","details":"xlsxio v0.1.2 to v0.2.34 was discovered to contain a free of uninitialized pointer in the xlsxioread_sheetlist_close() function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted XLSX file.","modified":"2026-02-03T21:37:59.347677Z","published":"2023-06-16T16:15:09.357Z","references":[{"type":"ADVISORY","url":"https://github.com/brechtsanders/xlsxio/issues/121"},{"type":"ADVISORY","url":"https://github.com/xf1les/cve-advisories/blob/main/2023/CVE-2023-34795.md"},{"type":"REPORT","url":"https://github.com/brechtsanders/xlsxio/issues/121"},{"type":"FIX","url":"https://github.com/brechtsanders/xlsxio/commit/d653f1604b54532f11b45dca1fa164b4a1f15e2d"},{"type":"EVIDENCE","url":"https://github.com/brechtsanders/xlsxio/issues/121"},{"type":"EVIDENCE","url":"https://github.com/xf1les/cve-advisories/blob/main/2023/CVE-2023-34795.md"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/brechtsanders/xlsxio","events":[{"introduced":"0"},{"fixed":"d653f1604b54532f11b45dca1fa164b4a1f15e2d"}]}],"versions":["0.1.0","0.1.1","0.1.2","0.1.3","0.1.4","0.1.5","0.1.6","0.1.7","0.1.8","0.1.9","0.2.0","0.2.1","0.2.10","0.2.11","0.2.12","0.2.13","0.2.14","0.2.15","0.2.16","0.2.18","0.2.19","0.2.2","0.2.21","0.2.22","0.2.24","0.2.25","0.2.26","0.2.27","0.2.28","0.2.29","0.2.3","0.2.31","0.2.32","0.2.33","0.2.34","0.2.5","0.2.6","0.2.7","0.2.8"],"database_specific":{"vanir_signatures":[{"signature_version":"v1","signature_type":"Function","id":"CVE-2023-34795-64e1e53a","target":{"file":"lib/xlsxio_read.c","function":"xlsxioread_sheetlist_open"},"digest":{"function_hash":"305902545275284073404997409807059961263","length":1112},"source":"https://github.com/brechtsanders/xlsxio/commit/d653f1604b54532f11b45dca1fa164b4a1f15e2d","deprecated":false},{"signature_version":"v1","signature_type":"Line","id":"CVE-2023-34795-7257d3e3","target":{"file":"lib/xlsxio_read.c"},"digest":{"line_hashes":["302690977701771854163438072249211416321","49738666660649064886705723745264120926","138260580017980920614606923562183985925","38231482405369132459825939103438119397"],"threshold":0.9},"source":"https://github.com/brechtsanders/xlsxio/commit/d653f1604b54532f11b45dca1fa164b4a1f15e2d","deprecated":false}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-34795.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}