Vulnerabilities > CVE-2018-20450 - Double Free vulnerability in Libxls Project Libxls 1.4.0

047910
CVSS 6.5 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
HIGH
network
low complexity
libxls-project
CWE-415
nessus

Summary

The read_MSAT function in ole.c in libxls 1.4.0 has a double free that allows attackers to cause a denial of service (application crash) via a crafted file, a different vulnerability than CVE-2017-2897.

Vulnerable Configurations

Part Description Count
Application
Libxls_Project
1

Common Weakness Enumeration (CWE)

Nessus

NASL familyGentoo Local Security Checks
NASL idGENTOO_GLSA-202003-64.NASL
descriptionThe remote host is affected by the vulnerability described in GLSA-202003-64 (libxls: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in libxls. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to process a specially crafted Excel file using libxls, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition. Workaround : There is no known workaround at this time.
last seen2020-04-04
modified2020-03-31
plugin id135019
published2020-03-31
reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
sourcehttps://www.tenable.com/plugins/nessus/135019
titleGLSA-202003-64 : libxls: Multiple vulnerabilities