Heap buffer overflow on oversized value of BIFF8 type column. Heap buffer overflow on oversized palette value for BIFF8 type column.
vulners.com/securityvulns/securityvulns:doc:15652
vulners.com/securityvulns/securityvulns:doc:15653
vulners.com/securityvulns/securityvulns:doc:15654
vulners.com/securityvulns/securityvulns:doc:15943