PT-2018-3934 · Libreoffice+4 · Libwpd+4

Shuitao Gan

Publicado

2018-10-28

Atualizado

2023-08-14

CVE-2018-19208

CVSS v2.0

7.8

Alta

Vetor

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions libwpd version 0.10.2

Description The issue is related to a NULL pointer dereference in the WP6ContentListener::defineTable() function, which can lead to a denial of service attack. This is associated with errors in pointer handling. The exploitation of this issue may allow a remote attacker to cause a service disruption.

Recommendations For libwpd version 0.10.2, consider disabling the WP6ContentListener::defineTable() function as a temporary workaround until a patch is available. Restrict access to the WP6ContentListener module to minimize the risk of exploitation.

Exploit

Correção

DoS

NULL Pointer Dereference

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-476

Identificadores relacionados

ALT-PU-2020-2336

ALT-PU-2023-4811

BDU:2023-05426

CESA-2019_2126

CVE-2018-19208

MGASA-2018-0481

OPENSUSE-SU-2018_3842-1

OPENSUSE-SU-2018_3886-1

OPENSUSE-SU-2024:11013-1

RHSA-2019:2126

RHSA-2019_2126

SUSE-SU-2018:3812-1

SUSE-SU-2018:3812-2

SUSE-SU-2018:3870-1

SUSE-SU-2018_3812-1

SUSE-SU-2018_3812-2

SUSE-SU-2018_3870-1

Produtos afetados

Alt Linux

Centos

Red Hat

Suse

Libwpd

PT-2018-3934 · Libreoffice+4 · Libwpd+4

CVE-2018-19208

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 25