CVE-2018-20452
Gentoo Linux Security Advisory 202003-64
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits: 1
Exploited in Wild: -
Decision: -
Descriptions
The read_MSAT_body function in ole.c in libxls 1.4.0 has an invalid free that allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, because of inconsistent memory management (new versus free) in ole2_read_header in ole.c.
Multiple vulnerabilities have been found in libxls, the worst of which could result in the arbitrary execution of code. Versions less than 1.5.2 are affected.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2018-12-25 CVE Reserved
- 2018-12-25 CVE Published
- 2024-08-05 CVE Updated
- 2024-08-05 First Exploit
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (2)
URL | Date | Source
---|---|---
https://github.com/evanmiller/libxls/issues/35 | 2024-08-05 |
https://security.gentoo.org/glsa/202003-64 | 2020-03-30 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
---|---|---|---|---
Libxls Project | Libxls | 1.4.0 | - | Affected