The library, FreeXL, was updated last week to fix the issues. It allows users to extract valid data from within an Excel (.xls) spreadsheet. Both issues affected the latest version (1.0.3) of the library and were fairly serious, both receiving a CVSS 3.0 score of 8.8.8. Both bugs can result in the overwriting of large parts of memory, something which could lead to a crash, or the execution of code by overwriting critical control flow structures
Source: https://threatpost.com/freexl-library-fixes-two-remote-code-execution-vulnerabilities/127932/