MidnightBSD

Advisories for libdoc_project

CVE-2018-20451 MEDIUM

The process_file function in reader.c in libdoc through 2017-10-23 has a heap-based buffer over-read that allows attackers to cause a denial of service (application crash) via a crafted file.

CVSS 3.x

Source        Score  Severity  Vector                                        Exploitability  Impact
nvd@nist.gov  6.5    MEDIUM    CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H  2.8             3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125

Products Affected

Vendor          Product  Version
libdoc_project  libdoc   *

CVE-2018-20453 MEDIUM

The getlong function in numutils.c in libdoc through 2017-10-23 has a heap-based buffer over-read that allows attackers to cause a denial of service (application crash) via a crafted file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125

Products Affected

Vendor          Product  Version
libdoc_project  libdoc   *

CVE-2019-7156 MEDIUM

In libdoc through 2019-01-28, calcFileBlockOffset in ole.c allows division by zero.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-369

Products Affected

Vendor          Product  Version
libdoc_project  libdoc   *

CVE-2019-7233 MEDIUM

In libdoc through 2019-01-28, doc2text in catdoc.c has a NULL pointer dereference.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476

Products Affected

Vendor          Product  Version
libdoc_project  libdoc   20190128