CVE-2018-20452

NONE EPSS 71.2%
Published Dec 25, 2018 (7y ago) · Modified Jun 17, 2026 (2w ago)

Description

The read_MSAT_body function in ole.c in libxls 1.4.0 has an invalid free that allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, because of inconsistent memory management (new versus free) in ole2_read_header in ole.c.

Threat Intelligence

EPSS Exploit Probability
71.2% percentile
Exploit & Patch Status
Public Exploit Known
No Patch Available

Weaknesses 1

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer (Memory Safety)

Affected Products 1

Vendor | Product | Version | Range
libxls_project | libxls | 1.4.0 | any

References 2

  • github.com https://github.com/evanmiller/libxls/issues/35
    Exploit, Third Party Advisory
  • security.gentoo.org https://security.gentoo.org/glsa/202003-64

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.