CVE-2020-27819 — NULL Pointer Dereference in Project Libxls

CWE-476 — NULL Pointer Dereference4 documents4 sources

Severity

5.5MEDIUMNVD

EPSS

0.3%

top 49.66%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Libxls Project Libxls Debian R-cran-readxl

Timeline

PublishedFeb 23

Latest updateMay 24

Description

An issue was discovered in libxls before and including 1.6.1 when reading Microsoft Excel files. A NULL pointer dereference vulnerability exists when parsing XLS cells in libxls/xls2csv.c:199. It could allow a remote attacker to cause a denial of service via crafted XLS file.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

▶NVDlibxls_project/libxls< 1.6.2

▶CVEListV5libxls_project/libxlslibxls before 1.6.2

▶debiandebian/r-cran-readxl

🔴Vulnerability Details

GHSA

GHSA-fp3r-w9w2-jg2f: An issue was discovered in libxls before and including 1↗2022-05-24

▶

OSV

CVE-2020-27819: An issue was discovered in libxls before and including 1↗2021-02-23

▶

📋Vendor Advisories

Debian

CVE-2020-27819: r-cran-readxl - An issue was discovered in libxls before and including 1.6.1 when reading Micros...↗2020

▶