CVE-2018-20452
NONE EPSS 71.2%
Published: Dec 25, 2018 (7y ago)
Last Modified: Jun 17, 2026 (2w ago)
Description
The read_MSAT_body function in ole.c in libxls 1.4.0 has an invalid free that allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, because of inconsistent memory management (new versus free) in ole2_read_header in ole.c.
Threat Intelligence
EPSS Exploit Probability
71.2% percentile
Exploit & Patch Status
Public Exploit Known
No Patch Available
Weaknesses 1
CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer (Memory Safety)
Affected Products 1
| Vendor | Product | Version | Range |
|---|---|---|---|
| libxls_project | libxls | 1.4.0 | any |
References 2
- https://github.com/evanmiller/libxls/issues/35
- https://security.gentoo.org/glsa/202003-64
Remediation
No remediation data recorded yet.
Check vendor advisories and the NVD entry for patch availability.