Libxls@1.4.0 Security Vulnerabilities and Issues — Libxls@1.4.0 CVE List

Lucene search

Libxls ProjectLibxls1.4.0

3 matches found

CVE•added 2017/11/20 10:29 p.m.•52 views

CVE-2017-2897

An exploitable out-of-bounds write vulnerability exists in the read_MSAT function of libxls 1.4. A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send malicious XLS file to trigger this vulnerability.

8.8CVSS7.3AI score0.01506EPSS

CVE•added 2018/12/25 5:29 p.m.•44 views

CVE-2018-20452

The read_MSAT_body function in ole.c in libxls 1.4.0 has an invalid free that allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, because of inconsistent memory management (new versus free) in ole2_read_header in ole.c.

8.8CVSS8.4AI score0.00402EPSS

CVE•added 2018/12/25 5:29 p.m.•40 views

CVE-2018-20450

The read_MSAT function in ole.c in libxls 1.4.0 has a double free that allows attackers to cause a denial of service (application crash) via a crafted file, a different vulnerability than CVE-2017-2897.

6.5CVSS6.4AI score0.01506EPSS