PT-2018-15388 · Libdoc+1 · Libdoc+1
Leonzhao7
·
Published
2018-12-25
·
Updated
2019-01-11
·
CVE-2018-20453
CVSS v3.1
6.5
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
libdoc through 2017-10-23
Description
The issue is related to a heap-based buffer over-read in the getlong function in numutils.c, which can be exploited by attackers to cause a denial of service, resulting in an application crash. This can be achieved by providing a crafted file.
Recommendations
For libdoc through 2017-10-23, consider updating to a version released after 2017-10-23 to resolve the issue. As a temporary workaround, restrict the processing of crafted files to minimize the risk of exploitation.
Exploit
Fix
DoS
Out of bounds Read
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Debian
Libdoc