ByteOS Network

Vulnerability Details :

CVE-2024-48877

Assigner-talos

Assigner Org ID-b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b

Published At-02 Jun, 2025 | 15:00

Updated At-02 Jun, 2025 | 17:03

A memory corruption vulnerability exists in the Shared String Table Record Parser implementation in xls2csv utility version 0.95. A specially crafted malformed file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

▼Common Vulnerabilities and Exposures (CVE)

cve.org

Assigner:talos

Assigner Org ID:b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b

Published At:02 Jun, 2025 | 15:00

Updated At:02 Jun, 2025 | 17:03

▼CVE Numbering Authority (CNA)

Affected Products

Vendor

xls2csv

Product

xls2csv

Versions

Affected

0.95

Problem Types

Type	CWE ID	Description
CWE	CWE-680	CWE-680: Integer Overflow to Buffer Overflow

Type: CWE

CWE ID: CWE-680

Description: CWE-680: Integer Overflow to Buffer Overflow

Metrics

Version	Base score	Base severity	Vector
3.1	8.4	HIGH	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Version: 3.1

Base score: 8.4

Base severity: HIGH

Vector:

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Credits

Discovered by a member of Cisco Talos.

References

Hyperlink	Resource
https://talosintelligence.com/vulnerability_reports/TALOS-2024-2128	N/A

Hyperlink: https://talosintelligence.com/vulnerability_reports/TALOS-2024-2128

Resource: N/A

▼Authorized Data Publishers (ADP)

1. CISA ADP Vulnrichment

Metrics Other Info

2. CVE Program Container

References

Hyperlink	Resource
https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-2128	N/A

Hyperlink: https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-2128

Resource: N/A

▼National Vulnerability Database (NVD)

nvd.nist.gov

Source:talos-cna@cisco.com

Published At:02 Jun, 2025 | 15:15

Updated At:02 Jun, 2025 | 17:32

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	8.4	HIGH	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Type: Secondary

Version: 3.1

Base score: 8.4

Base severity: HIGH

Vector:

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Weaknesses

CWE ID	Type	Source
CWE-680	Secondary	talos-cna@cisco.com

CWE ID: CWE-680

Type: Secondary

Source: talos-cna@cisco.com

References

Hyperlink	Source	Resource
https://talosintelligence.com/vulnerability_reports/TALOS-2024-2128	talos-cna@cisco.com	N/A
https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-2128	af854a3a-2127-422b-91ae-364da2661108	N/A

Hyperlink: https://talosintelligence.com/vulnerability_reports/TALOS-2024-2128

Source: talos-cna@cisco.com

Resource: N/A

Hyperlink: https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-2128

Source: af854a3a-2127-422b-91ae-364da2661108

Resource: N/A

Similar CVEs

5Records found

CVE-2024-2608

Matching Score-4

Assigner-Mozilla Corporation

View Details

Matching Score-4

Assigner-Mozilla Corporation

CVSS Score-8.4||HIGH

EPSS-0.16% / 37.90%

7 Day CHG~0.00%

Published-19 Mar, 2024 | 12:02

Updated-01 Apr, 2025 | 17:18

`AppendEncodedAttributeValue(), ExtraSpaceNeededForAttrEncoding()` and `AppendEncodedCharacters()` could have experienced integer overflows, causing underallocation of an output buffer leading to an out of bounds write. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9.

Vendor-Mozilla Corporation Debian GNU/Linux

Product-thunderbird firefox debian_linux Firefox Thunderbird Firefox ESR thunderbird firefox firefox_esr

CWE ID-CWE-680

Integer Overflow to Buffer Overflow

CVE-2024-21470

Matching Score-4

Assigner-Qualcomm, Inc.

View Details

Matching Score-4

Assigner-Qualcomm, Inc.

CVSS Score-8.4||HIGH

EPSS-0.08% / 24.04%