CVE-2018-20450
NONE EPSS 60.4%
Published Dec 25, 20187y ago · Modified Jun 17, 20262w ago
Published Dec 25, 2018 7y ago
Last Modified Jun 17, 2026 2w ago
Description
The read_MSAT function in ole.c in libxls 1.4.0 has a double free that allows attackers to cause a denial of service (application crash) via a crafted file, a different vulnerability than CVE-2017-2897.
Threat Intelligence
EPSS Exploit Probability
60.4% percentile
Exploit & Patch Status
Public Exploit Known
No Patch Available
Weaknesses 1
CWE-415
Affected Products 1
| Vendor | Product | Version | Range |
|---|---|---|---|
| libxls_project | libxls | 1.4.0 | any |
References 2
- github.com https://github.com/evanmiller/libxls/issues/34
- security.gentoo.org https://security.gentoo.org/glsa/202003-64
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.