Bugzilla – Bug 1179532
VUL-1: CVE-2020-27819: libxls: NULL pointer dereference via crafted xls file
Last modified: 2024-05-14 10:38:37 UTC
rh#1903296

An issue was discovered in libxls reading Excel files before 1.6.1. A NULL pointer dereference vulnerability exists when parsing xls cells in libxls/xls2csv.c:199. It could allow a remote attacker to cause a denial of service via crafted xls file.

Reference:
https://github.com/libxls/libxls/issues/84

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1903296
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27819
Already fixed in openSUSE:Factory, but still relevant for Leap 15.2
Should have been an openSUSE bug, sorry about the oversight. Let me know if this is causing access issues.
dbed5f2 is not in any released version, so this still affects TW too.
dbed5f2 is in libxls-1.6.2; TW is fine; more RQs have just been issued.
This is an autogenerated message for OBS integration:
This bug (1179532) was mentioned in
https://build.opensuse.org/request/show/895301 Backports:SLE-15-SP3 / libxls
https://build.opensuse.org/request/show/895302 15.2 / libxls

openSUSE-SU-2021:0812-1: An update that fixes one vulnerability is now available.
Category: security (moderate)
Bug References: 1179532
CVE References: CVE-2020-27819
JIRA References:
Sources used:
openSUSE Leap 15.2 (src): libxls-1.6.2-lp152.2.3.1

openSUSE-SU-2021:0992-1: An update that fixes one vulnerability is now available.
Category: security (moderate)
Bug References: 1179532
CVE References: CVE-2020-27819
JIRA References:
Sources used:
openSUSE Backports SLE-15-SP3 (src): libxls-1.6.2-bp153.2.3.1