xlnt-Community xlnt Null Pointer Dereference Vulnerability in XLSX File Parser
Vulnerability
A null pointer dereference vulnerability has been identified in xlnt-Community xlnt versions through 1.6.1. The issue is in the XLSX file parser, specifically in the 'xlnt::detail::xlsx_consumer::read_office_document' function of 'source/detail/serialization/xlsx_consumer.cpp'. When the parser processes the document relationships of a malformed XLSX file, it dereferences a null pointer, causing a segmentation fault and crashing the application. The vulnerability must be exploited locally, and a public exploit is available.
Impact
Exploitation of this vulnerability causes a segmentation fault due to a null pointer dereference, leading to a crash of the application.
Reproduction
The vulnerability can be reproduced by building xlnt with release optimization and AddressSanitizer (ASan) enabled. After compiling, run the application on a malformed XLSX file that triggers the null pointer dereference. AddressSanitizer reports the segmentation fault, confirming that the vulnerability has been triggered.
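The advisory only says that the crash occurs while processing document relationships, so the exact malformed condition is unknown. The following is an added example, not code from the advisory or from the xlnt project, showing the kind of defensive pre-check a consumer can run before handing an untrusted XLSX file to a native parser: it opens the OPC container, walks every '.rels' part and reports relationships whose Id or Target is missing, whose Id is duplicated, or whose Target points at a part that does not exist in the package. The sample package it builds is constructed here and reduced to the parts the check needs; it is not the file that triggers the xlnt crash, and the assumption that dangling relationship targets are worth rejecting is the example's own, not a claim about the root cause.

```python
import io
import posixpath
import zipfile
import xml.etree.ElementTree as ET

# OPC relationship namespace used by every *.rels part in an XLSX package.
REL_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
REL_TAG = f"{{{REL_NS}}}Relationship"


def _resolve(source_part: str, target: str) -> str:
    """Resolve a relationship Target to a package part name.

    Targets are relative to the directory of the source part; a leading '/'
    means they are relative to the package root.
    """
    if target.startswith("/"):
        return posixpath.normpath(target.lstrip("/"))
    return posixpath.normpath(posixpath.join(posixpath.dirname(source_part), target))


def check_relationships(data: bytes) -> list[str]:
    """Return a list of relationship problems found in an XLSX/OPC package.

    An empty list means every relationship has an Id, a Target, a unique Id,
    and (for internal targets) a part that actually exists in the zip.
    """
    problems: list[str] = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return ["not a zip container"]
    names = set(zf.namelist())
    if "_rels/.rels" not in names:
        problems.append("missing package relationships part _rels/.rels")

    for name in sorted(n for n in names if n.endswith(".rels")):
        # '_rels/.rels' describes the package root (source ''),
        # 'xl/_rels/workbook.xml.rels' describes 'xl/workbook.xml'.
        rels_dir, rels_file = posixpath.split(name)
        source = posixpath.join(posixpath.dirname(rels_dir), rels_file[: -len(".rels")])
        try:
            root = ET.fromstring(zf.read(name))
        except ET.ParseError as exc:
            problems.append(f"{name}: malformed XML ({exc})")
            continue
        seen_ids: set[str] = set()
        for rel in root.findall(REL_TAG):
            rid, target = rel.get("Id"), rel.get("Target")
            if not rid or not target:
                problems.append(f"{name}: relationship missing Id or Target")
                continue
            if rid in seen_ids:
                problems.append(f"{name}: duplicate relationship id {rid}")
            seen_ids.add(rid)
            if rel.get("TargetMode", "Internal") == "External":
                continue  # hyperlinks etc. are not package parts
            resolved = _resolve(source, target)
            if resolved not in names:
                problems.append(f"{name}: {rid} -> {target} does not exist in package")
    return problems


# Constructed minimal package parts (no [Content_Types].xml; enough for the check).
MINIMAL_PARTS = {
    "_rels/.rels": (
        f'<Relationships xmlns="{REL_NS}"><Relationship Id="rId1" '
        'Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/officeDocument" '
        'Target="xl/workbook.xml"/></Relationships>'
    ),
    "xl/workbook.xml": (
        '<workbook xmlns="http://schemas.openxmlformats.org/spreadsheetml/2006/main" '
        'xmlns:r="http://schemas.openxmlformats.org/officeDocument/2006/relationships">'
        '<sheets><sheet name="Sheet1" sheetId="1" r:id="rId1"/></sheets></workbook>'
    ),
    "xl/_rels/workbook.xml.rels": (
        f'<Relationships xmlns="{REL_NS}"><Relationship Id="rId1" '
        'Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/worksheet" '
        'Target="worksheets/sheet1.xml"/></Relationships>'
    ),
    "xl/worksheets/sheet1.xml": (
        '<worksheet xmlns="http://schemas.openxmlformats.org/spreadsheetml/2006/main">'
        "<sheetData/></worksheet>"
    ),
}


def build_package(parts: dict[str, str]) -> bytes:
    """Zip the given part names and XML strings into an OPC container."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for part_name, xml in parts.items():
            zf.writestr(part_name, xml)
    return buf.getvalue()


def good_package() -> bytes:
    return build_package(MINIMAL_PARTS)


def dangling_package() -> bytes:
    """Same package, but the worksheet part the workbook relationship names is absent."""
    parts = {k: v for k, v in MINIMAL_PARTS.items() if k != "xl/worksheets/sheet1.xml"}
    return build_package(parts)


if __name__ == "__main__":
    print("good:", check_relationships(good_package()))
    print("dangling:", check_relationships(dangling_package()))
```

Run this in front of the native parser and reject or quarantine any file for which the list is non-empty; the messages are also suitable as log lines for triage, since each names the relationships part, the relationship Id and the unresolved target.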
