CVE-2018-20450 - The read_MSAT function in ole.c in libxls 1.4.0 has a double free that allows attackers to cause a d

CVE-2018-20450

Summary

The read_MSAT function in ole.c in libxls 1.4.0 has a double free that allows attackers to cause a denial of service (application crash) via a crafted file, a different vulnerability than CVE-2017-2897.

References

https://github.com/evanmiller/libxls/issues/34
https://security.gentoo.org/glsa/202003-64

Vulnerable Configurations

cpe:2.3:a:libxls_project:libxls:1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:libxls_project:libxls:1.4.0:*:*:*:*:*:*:*

CVSS

Base:	4.3 (as of 30-03-2020 - 17:15)
Impact:
Exploitability:

CWE

CWE-415

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	PARTIAL

cvss-vector via4

AV:N/AC:M/Au:N/C:N/I:N/A:P

refmap via4

gentoo	GLSA-202003-64
misc	https://github.com/evanmiller/libxls/issues/34

Last major update

30-03-2020 - 17:15

Published

25-12-2018 - 17:29

Last modified

30-03-2020 - 17:15