CVE-2018-19208

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions libwpd version 0.10.2

Description The issue is related to a NULL pointer dereference in the WP6ContentListener::defineTable() function, which can lead to a denial of service attack. This is associated with errors in pointer handling. The exploitation of this issue may allow a remote attacker to cause a service disruption.

Recommendations For libwpd version 0.10.2, consider disabling the WP6ContentListener::defineTable() function as a temporary workaround until a patch is available. Restrict access to the WP6ContentListener module to minimize the risk of exploitation.

Exploit

Fix

DoS

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-476

Related Identifiers

ALT-PU-2020-2336

ALT-PU-2023-4811

BDU:2023-05426

CESA-2019_2126

CVE-2018-19208

MGASA-2018-0481

OPENSUSE-SU-2018_3842-1

OPENSUSE-SU-2018_3886-1

OPENSUSE-SU-2024:11013-1

RHSA-2019:2126

RHSA-2019_2126

SUSE-SU-2018:3812-1

SUSE-SU-2018:3812-2

SUSE-SU-2018:3870-1

SUSE-SU-2018_3812-1

SUSE-SU-2018_3812-2

SUSE-SU-2018_3870-1

Affected Products

Alt Linux

Centos

Red Hat

Suse

Libwpd

CVE-2018-19208

Weakness Enumeration

Related Identifiers

Affected Products

References · 25