CVE-2018-19208 — NULL Pointer Dereference in Project Libwpd

CWE-476 — NULL Pointer Dereference8 documents7 sources

Severity

6.5MEDIUMNVD

EPSS

0.4%

top 38.86%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Libwpd Libwpd Project Libwpd Redhat Enterprise Linux +1 more

Timeline

PublishedNov 12

Latest updateMay 13

Description

In libwpd 0.10.2, there is a NULL pointer dereference in the function WP6ContentListener::defineTable in WP6ContentListener.cpp that will lead to a denial of service attack. This is related to WPXTable.h.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

▶Debianlibwpd/libwpd< 0.10.2-3+3

▶NVDlibwpd_project/libwpd0.10.2

▶NVDsuse/suse_linux_enterprise_server11

Also affects: Enterprise Linux 7.0

🔴Vulnerability Details

GHSA

GHSA-5xpj-2ffv-fr89: In libwpd 0↗2022-05-13

▶

CVEList

CVE-2018-19208: In libwpd 0↗2018-11-12

▶

OSV

CVE-2018-19208: In libwpd 0↗2018-11-12

▶

📋Vendor Advisories

Red Hat

libwpd: NULL pointer dereference in the function WP6ContentListener::defineTable in WP6ContentListener.cpp↗2018-10-28

▶

Debian

CVE-2018-19208: libwpd - In libwpd 0.10.2, there is a NULL pointer dereference in the function WP6Content...↗2018

▶

💬Community

Bugzilla

CVE-2018-19208 libwpd: NULL pointer dereference in the function WP6ContentListener::defineTable in WP6ContentListener.cpp [fedora-all]↗2018-11-13

▶

Bugzilla

CVE-2018-19208 libwpd: NULL pointer dereference in the function WP6ContentListener::defineTable in WP6ContentListener.cpp↗2018-11-13

▶