Note:
This project will be discontinued after December 13, 2021. [more]
2018-12-25
The read_MSAT function in ole.c in libxls 1.4.0 has a double free that allows attackers to cause a denial of service (application crash) via a crafted file, a different vulnerability than CVE-2017-2897.
| Products | Libxls |
| Type | Double Free (CWE-415) |
| First patch | - None (likely due to unavailable code) |
| Links |
• https://security.gentoo.org/glsa/202003-64
• https://github.com/evanmiller/libxls/issues/34 |