ONLYOFFICE DocumentServer before version 9.3.0 contains an out-of-bounds read vulnerability (CWE-125) in its XLS processing/conversion functionality. The vulnerability arises from dereferencing an untrusted pointer, notably involving the pictFmla.cbBufInCtlStm buffer and other related vectors. Exploitation of this flaw can result in leaking information and bypassing ASLR, which is a security mitigation technique. The CVSS 3.1 base score is 5.0 (medium severity), with attack vector network, low attack complexity, requiring low privileges and no user interaction, and impacts confidentiality but not integrity or availability. There is no vendor advisory or patch currently available, and no known exploits have been reported.

Successful exploitation of this vulnerability can lead to information disclosure and bypass of ASLR protections, potentially aiding further attacks. The impact is limited to confidentiality loss; integrity and availability are not affected. The vulnerability requires network access and low privileges but no user interaction.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, users should consider restricting access to the vulnerable service and carefully validate XLS files from untrusted sources. Monitor vendor channels for updates regarding patches or mitigations.