An issue was discovered in FreeXL before 1.0.5. There is a heap-based buffer over-read in a pointer dereference of the parse_SST function.
{ "urgency": "not yet assigned" }