Libxls Security Vulnerabilities and Issues — Libxls CVE List

Lucene search

Libxls ProjectLibxls

4 matches found

CVE•added 2018/04/24 7:29 p.m.•56 views

CVE-2017-12108

An exploitable integer overflow vulnerability exists in the xls_preparseWorkSheet function of libxls 1.4 when handling a MULBLANK record. A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send malicious XLS file to trigger this vulnerabil...

8.8CVSS9AI score0.01818EPSS

CVE•added 2018/04/24 7:29 p.m.•52 views

CVE-2017-12109

An exploitable integer overflow vulnerability exists in the xls_preparseWorkSheet function of libxls 1.4 when handling a MULRK record. A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send malicious XLS file to trigger this vulnerability...

8.8CVSS9AI score0.01818EPSS

CVE•added 2018/12/25 5:29 p.m.•44 views

CVE-2018-20452

The read_MSAT_body function in ole.c in libxls 1.4.0 has an invalid free that allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, because of inconsistent memory management (new versus free) in ole2_read_header in ole.c.

8.8CVSS8.4AI score0.00402EPSS

CVE•added 2018/12/25 5:29 p.m.•40 views

CVE-2018-20450

The read_MSAT function in ole.c in libxls 1.4.0 has a double free that allows attackers to cause a denial of service (application crash) via a crafted file, a different vulnerability than CVE-2017-2897.

6.5CVSS6.4AI score0.01506EPSS