Allocation of Resources Without Limits or Throttling

Summary

The XLSX reader's `ColumnAndRowAttributes::readRowAttributes()` method reads row numbers from XML attributes without validating them against the spreadsheet maximum row limit (`AddressRange::MAX_ROW = 1,048,576`). An attacker can craft a minimal XLSX file (~1.6KB) containing a `<row r="999999999"/>` element that inflates `cachedHighestRow` to 999,999,999, causing any subsequent row iteration to attempt ~1 billion loop cycles and exhaust CPU resources. Affected versions are through 1.30.3, 2.0.0 through2.1.15, 2.2.0 through 2.4.4, 3.3.0 through 3.10.4, 4.0.0 through 5.6.0.