freexl is vulnerable to undefined behaviour through heap-based buffer over-read. The vulnerability exists in the parse_unicode_string
of freexl.c
where it is possible for a heap-based buffer over-read to occur, causing denial of service (DoS) and possibly other issues.