The vulnerability in libxls (up to version 1.6.3) arises from uninitialized memory usage in the OLE container parser component. The Master Sector Allocation Table (MSAT) memory allocated by read_MSAT() is incompletely initialized before being consumed by ole2_validate_sector_chain(). This can cause instability such as application crashes or may expose sensitive memory contents, leading to potential information disclosure when handling maliciously crafted XLS files. The vulnerability is publicly disclosed but lacks a CVSS score and vendor remediation details.

Exploitation of this vulnerability may cause applications using libxls to crash, resulting in denial of service. Additionally, there is a risk of information disclosure due to uninitialized memory being accessed and potentially leaked. No evidence of active exploitation is reported.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, users should exercise caution when processing untrusted XLS files with libxls and consider additional sandboxing or input validation measures to reduce risk.