{"schema_version":"1.7.2","id":"OESA-2025-2507","modified":"2025-10-24T14:33:10Z","published":"2025-10-24T14:33:10Z","upstream":["CVE-2023-7101"],"summary":"perl-Spreadsheet-ParseExcel security update","details":"The Spreadsheet::ParseExcel module can be used to read information from an Excel 95-2003 file.\n\nSecurity Fix(es):\n\nSpreadsheet::ParseExcel version 0.65, a Perl module for parsing Excel files, is vulnerable to arbitrary code execution (ACE) because unvalidated input from a file is passed into a string-type eval. The issue specifically arises from the evaluation of Number format strings (distinct from printf-style format strings) within the Excel parsing logic. (CVE-2023-7101)","affected":[{"package":{"ecosystem":"openEuler:24.03-LTS","name":"perl-Spreadsheet-ParseExcel","purl":"pkg:rpm/openEuler/perl-Spreadsheet-ParseExcel&distro=openEuler-24.03-LTS"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.65-2.oe2403"}]}],"ecosystem_specific":{"aarch64":["perl-Spreadsheet-ParseExcel-0.65-2.oe2403.aarch64.rpm","perl-Spreadsheet-ParseExcel-debuginfo-0.65-2.oe2403.aarch64.rpm","perl-Spreadsheet-ParseExcel-debugsource-0.65-2.oe2403.aarch64.rpm","perl-Spreadsheet-ParseExcel-help-0.65-2.oe2403.aarch64.rpm"],"src":["perl-Spreadsheet-ParseExcel-0.65-2.oe2403.src.rpm"],"x86_64":["perl-Spreadsheet-ParseExcel-0.65-2.oe2403.x86_64.rpm","perl-Spreadsheet-ParseExcel-debuginfo-0.65-2.oe2403.x86_64.rpm","perl-Spreadsheet-ParseExcel-debugsource-0.65-2.oe2403.x86_64.rpm","perl-Spreadsheet-ParseExcel-help-0.65-2.oe2403.x86_64.rpm"]}}],"references":[{"type":"ADVISORY","url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2507"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-7101"}],"database_specific":{"severity":"High"}}
