CVE-2018-20453Out-of-bounds Read in Project Libdoc

CWE-125Out-of-bounds Read4 documents4 sources
Severity
6.5MEDIUMNVD
EPSS
0.3%
top 46.00%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Libdoc Project LibdocDebian Catdoc
Timeline
PublishedDec 25
Latest updateMay 14

Description

The getlong function in numutils.c in libdoc through 2017-10-23 has a heap-based buffer over-read that allows attackers to cause a denial of service (application crash) via a crafted file.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

NVDlibdoc_project/libdoc20171023
debiandebian/catdoc

🔴Vulnerability Details

2
GHSA
GHSA-33r2-7prf-93fv: The getlong function in numutils2022-05-14
OSV
CVE-2018-20453: The getlong function in numutils2018-12-25

📋Vendor Advisories

1
Debian
CVE-2018-20453: catdoc - The getlong function in numutils.c in libdoc through 2017-10-23 has a heap-based...2018
CVE-2018-20453 — Out-of-bounds Read in Project Libdoc | cvebase