libxls
cpe:2.3:a:libxls_project:libxls:*:*:*:*:*:*:*
- <= 1.6.3
A use of uninitialized memory vulnerability has been identified in libxls, affecting versions through 1.6.3. The issue arises in the OLE container parser, where memory allocated for the Master Sector Allocation Table (MSAT) is not fully initialized before being used to validate the sector chain. This flaw can lead to application crashes or potential information disclosure when processing a crafted XLS file.
Exploitation of this vulnerability causes undefined behavior during the parsing of untrusted XLS files, leading to application crashes. MemorySanitizer reports a use of uninitialized value, indicating potential information disclosure through residual heap data. The vulnerability could also be exploited to cause a denial-of-service condition.
The vulnerability can be reproduced by building libxls version 1.6.3 with MemorySanitizer enabled. After compiling the library with the appropriate flags, including origin tracking for uninitialized memory, the crafted XLS file can be parsed using the `xls_open_buffer()` function. The use of uninitialized memory then triggers a crash, which can be verified from the MemorySanitizer report.
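A simplified model of the flaw class described above, added here as an illustration and not taken from libxls: a sector table is allocated for `slots` entries, only `present` entries are written, and validation then walks the whole table. All function names are hypothetical; `FREESECT` is the compound-file marker for an unused slot.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define FREESECT 0xFFFFFFFFu /* compound-file marker for an unused table slot */

/* Hypothetical check: every slot is either unused or names an existing sector. */
static int msat_valid(const uint32_t *msat, size_t slots, uint32_t sector_count) {
    for (size_t i = 0; i < slots; i++)
        if (msat[i] != FREESECT && msat[i] >= sector_count)
            return 0;
    return 1;
}

/* Flawed pattern: only `present` slots are written, but callers validate all
 * `slots`, so msat[present..slots) holds residual heap data (what MSan flags). */
uint32_t *msat_load_unsafe(const uint32_t *src, size_t present, size_t slots) {
    uint32_t *msat = malloc(slots * sizeof *msat);
    if (msat && present)
        memcpy(msat, src, present * sizeof *msat);
    return msat;
}

/* Hardened form: reject inconsistent counts, then give every slot a defined value. */
uint32_t *msat_load_safe(const uint32_t *src, size_t present, size_t slots) {
    if (slots == 0 || present > slots || slots > SIZE_MAX / sizeof(uint32_t))
        return NULL;
    uint32_t *msat = malloc(slots * sizeof *msat);
    if (!msat)
        return NULL;
    if (present)
        memcpy(msat, src, present * sizeof *msat);
    for (size_t i = present; i < slots; i++)
        msat[i] = FREESECT; /* unwritten tail becomes "unused", never garbage */
    return msat;
}

/* Returns 1 if the table validates, 0 if it does not, -1 if it cannot be loaded. */
int check_file_msat(const uint32_t *src, size_t present, size_t slots,
                    uint32_t sector_count) {
    uint32_t *msat = msat_load_safe(src, present, slots);
    if (!msat)
        return -1;
    int ok = msat_valid(msat, slots, sector_count);
    free(msat);
    return ok;
}
```

With the hardened loader, validation gives the same result on every run for the same input, because no slot depends on previous heap contents.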