/ 
Spreadsheet-ParseExcel-0.31
Security Advisories (1)
CVE-2023-7101 (2023-12-24)

Spreadsheet::ParseExcel version 0.65 is a Perl module used for parsing Excel files. Spreadsheet::ParseExcel is vulnerable to an arbitrary code execution (ACE) vulnerability due to passing unvalidated input from a file into a string-type “eval”. Specifically, the issue stems from the evaluation of Number format strings (not to be confused with printf-style format strings) within the Excel parsing logic.

Changes for version 0.31

  • Require IO::Scalar always as OLE::Storage_Lite needs it but does not prereq it
  • disable some of the tests that don't yet work on 64 bit due to number precision in order to allow automatic installation

Modules

Spreadsheet::ParseExcel
Get information from Excel file
Spreadsheet::ParseExcel::SaveParser
Expand of Spreadsheet::ParseExcel with Spreadsheet::WriteExcel
Spreadsheet::ParseExcel::Utility
Utility function for Spreadsheet::ParseExcel

Provides

Spreadsheet::ParseExcel::Cell
in lib/Spreadsheet/ParseExcel.pm
Spreadsheet::ParseExcel::Dump
in lib/Spreadsheet/ParseExcel/Dump.pm
Spreadsheet::ParseExcel::FmtDefault
in lib/Spreadsheet/ParseExcel/FmtDefault.pm
Spreadsheet::ParseExcel::FmtJapan
in lib/Spreadsheet/ParseExcel/FmtJapan.pm
Spreadsheet::ParseExcel::FmtJapan2
in lib/Spreadsheet/ParseExcel/FmtJapan2.pm
Spreadsheet::ParseExcel::FmtUnicode
in lib/Spreadsheet/ParseExcel/FmtUnicode.pm
Spreadsheet::ParseExcel::Font
in lib/Spreadsheet/ParseExcel.pm
Spreadsheet::ParseExcel::Format
in lib/Spreadsheet/ParseExcel.pm
Spreadsheet::ParseExcel::SaveParser::Workbook
in lib/Spreadsheet/ParseExcel/SaveParser.pm
Spreadsheet::ParseExcel::SaveParser::Worksheet
in lib/Spreadsheet/ParseExcel/SaveParser.pm
Spreadsheet::ParseExcel::Workbook
in lib/Spreadsheet/ParseExcel.pm
Spreadsheet::ParseExcel::Worksheet
in lib/Spreadsheet/ParseExcel.pm

Examples

Other files