CVE-2018-20450

NONE EPSS 60.4%
Published Dec 25, 2018 (7y ago) · Modified Jun 17, 2026 (2w ago)

Description

The read_MSAT function in ole.c in libxls 1.4.0 has a double free that allows attackers to cause a denial of service (application crash) via a crafted file, a different vulnerability than CVE-2017-2897.

Threat Intelligence

EPSS Exploit Probability
60.4% percentile
Exploit & Patch Status
Public Exploit Known
No Patch Available

Weaknesses 1

CWE-415

Affected Products 1

Vendor          Product  Version  Range
libxls_project  libxls   1.4.0    any

References 2

  • github.com https://github.com/evanmiller/libxls/issues/34
    Exploit, Issue Tracking, Third Party Advisory
  • security.gentoo.org https://security.gentoo.org/glsa/202003-64

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.