CVE-2024-48877

8.4 HIGH

📋 TL;DR

A heap buffer overflow vulnerability in the xls2csv utility, version 0.95, allows memory corruption when processing specially crafted Excel files. Attackers can exploit this by providing malicious files, potentially leading to arbitrary code execution. Users and systems that process untrusted Excel files with xls2csv are affected.

💻 Affected Systems

Products:
  • xls2csv
Versions: Version 0.95
Operating Systems: Linux, Unix-like systems where xls2csv is installed
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems where xls2csv is installed and used to process Excel files. Not a default component on most systems.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution with the privileges of the xls2csv process, potentially leading to full system compromise.

🟠 Likely Case: Application crash (denial of service) or limited memory corruption leading to unstable behavior.

🟢 If Mitigated: Contained crash with no privilege escalation if proper sandboxing and least privilege are implemented.

🌐 Internet-Facing: MEDIUM - Requires user to process malicious files, but web services converting Excel files could be targeted.
🏢 Internal Only: MEDIUM - Internal users processing untrusted Excel files (e.g., from email) could trigger exploitation.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires the victim to process a malicious Excel file. No public exploit code is known as of the advisory date.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Debian security updates or upstream fixes (version not specified in references)

Vendor Advisory: https://lists.debian.org/debian-lts-announce/2025/06/msg00032.html

Restart Required: No

Instructions:

1. Update xls2csv via your package manager (e.g., apt-get update && apt-get upgrade xls2csv).
2. If compiled from source, check for upstream patches and recompile.

🔧 Temporary Workarounds

Disable or remove xls2csv (linux): Uninstall or disable the xls2csv utility if not needed.

sudo apt-get remove xls2csv

Restrict file processing (all): Limit xls2csv usage to trusted sources only via access controls.

🧯 If You Can't Patch

  • Implement strict input validation: only allow known-good Excel files from trusted sources.
  • Run xls2csv in a sandboxed environment with minimal privileges to limit impact.

🔍 How to Verify

Check if Vulnerable:

Check the xls2csv version: run 'xls2csv --version' or 'dpkg -l | grep xls2csv' and verify whether the installed version is 0.95.

Check Version:

xls2csv --version 2>&1 | head -1

Verify Fix Applied:

After update, confirm version is no longer 0.95 using the same commands and test with safe Excel files.

📡 Detection & Monitoring

Log Indicators:

  • Application crashes or abnormal termination of xls2csv processes
  • System logs showing memory access violations

Network Indicators:

  • Unusual file uploads to services using xls2csv

SIEM Query:

process_name:"xls2csv" AND (event_type:"crash" OR exit_code:139)
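The following shell wrapper is an added example, not code from this advisory or from the xls2csv project. It applies the "sandboxed environment with minimal privileges" mitigation listed above (memory cap, no core dumps, wall-clock limit) and records the exit-code 139 (SIGSEGV) indicator that the SIEM query keys on, plus a small log check for the listed log indicators. Assumptions: the converter is named by the XLS2CSV variable (default "xls2csv") and writes CSV to stdout; GNU coreutils timeout is used when present; the 256 MiB cap is a chosen value, and the log lines in demo_scan are constructed samples, not real logs.

```bash
#!/usr/bin/env bash
# Added example: containment wrapper and crash-indicator check for xls2csv.
# Not code from the advisory or the xls2csv project.
# Assumptions: $XLS2CSV names the converter (default "xls2csv"), which writes
# CSV to stdout; GNU coreutils `timeout` is used when it is installed.

XLS2CSV="${XLS2CSV:-xls2csv}"

# convert_contained INPUT OUTPUT
# Runs the converter in a subshell with an address-space cap, no core dumps
# and a wall-clock limit, so a crafted file can at worst crash the converter.
# Returns the converter's exit status (139 = killed by SIGSEGV).
convert_contained() {
    local input="$1" output="$2"
    (
        ulimit -v 262144 2>/dev/null || :   # 256 MiB cap in KiB (assumed value)
        ulimit -c 0 2>/dev/null || :        # no core files from a crashing converter
        if command -v timeout >/dev/null 2>&1; then
            exec timeout 30s "$XLS2CSV" "$input" > "$output"
        else
            exec "$XLS2CSV" "$input" > "$output"
        fi
    )
}

# classify_exit STATUS
# Maps an exit status to the outcome categories the advisory describes.
classify_exit() {
    case "$1" in
        0)           echo ok ;;
        124)         echo timeout ;;   # GNU timeout's own status when the limit is hit
        134|136|139) echo crash ;;     # 128+SIGABRT, 128+SIGFPE, 128+SIGSEGV
        *)           echo error ;;
    esac
}

# scan_log FILE
# Counts lines matching the advisory's log indicators: a kernel segfault line
# naming xls2csv, or a job log recording exit code/status 139 for it.
scan_log() {
    local n
    n=$(grep -Eci 'xls2csv.*(segfault|segmentation fault|exit (code|status) 139)' "$1") || :
    echo "${n:-0}"
}

# demo_scan: runs scan_log over constructed sample log lines (not real logs).
demo_scan() {
    local f
    f=$(mktemp)
    cat > "$f" <<'EOF'
Jun 10 09:12:01 host kernel: xls2csv[4321]: segfault at 7f3a0c0ff000 ip 000055d1c3a0b2e4 sp 00007ffd2a1b3c10 error 4 in xls2csv[55d1c3a00000+20000]
Jun 10 09:12:01 host convert-worker[4300]: xls2csv exit code 139 for upload_17.xls
Jun 10 09:12:05 host convert-worker[4300]: xls2csv exit code 0 for report_q2.xls
Jun 10 09:13:40 host sshd[2200]: Accepted publickey for deploy from 10.0.0.5
EOF
    scan_log "$f"
    rm -f "$f"
}

# Usage: ./wrapper.sh INPUT.xls OUTPUT.csv   (convert and report the outcome)
#        ./wrapper.sh --demo                 (run the log check on sample lines)
if [ "${1:-}" = "--demo" ]; then
    demo_scan
elif [ $# -eq 2 ]; then
    convert_contained "$1" "$2"
    status=$?
    echo "xls2csv exit code $status ($(classify_exit "$status")) for $1" >&2
fi
```

The wrapper's own report line ("xls2csv exit code 139 for ...") is written in the form scan_log matches, so converting through the wrapper and shipping its stderr to the log pipeline gives the SIEM query a consistent field to match on. For a converter exposed by a web service, run the wrapper as a dedicated unprivileged account in addition to these resource limits.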
