CVE-2018-20450

MEDIUM

Libxls - Double Free

Title source: rule

Description

The read_MSAT function in ole.c in libxls 1.4.0 has a double free that allows attackers to cause a denial of service (application crash) via a crafted file, a different vulnerability than CVE-2017-2897.

References (2)

[Exploit, Issue Tracking, Third Party Advisory] https://github.com/evanmiller/libxls/issues/34

[Third Party Advisory] https://security.gentoo.org/glsa/202003-64

Scores

CVSS v3 6.5

EPSS 0.0026

EPSS Percentile 48.9%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Classification

CWE

CWE-415

Status published

Affected Products (1)

libxls_project/libxls

Timeline

Published Dec 25, 2018

Tracked Since Feb 18, 2026