PT-2018-15304 · Libexcel · Libexcel

Fantasyoung

Published

2018-12-20

Updated

2019-01-31

CVE-2018-20304

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions libexcel version 0.01

Description The issue allows attackers to cause a denial of service (SEGV) via a long second argument in the wbook addworksheet function in workbook.c.

Recommendations For libexcel version 0.01, consider restricting the length of the second argument passed to the wbook addworksheet function to prevent the denial of service. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

CVE-2018-20304

Affected Products

Libexcel

PT-2018-15304 · Libexcel · Libexcel

CVE-2018-20304

Weakness Enumeration

Related Identifiers

Affected Products

References · 3