The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of libxls: NULL pointer dereference via xls2csv.c

Synthesis of the vulnerability 

An attacker can force a NULL pointer to be dereferenced via xls2csv.c of libxls, in order to trigger a denial of service.
Impacted software: Fedora, openSUSE Leap.
Severity of this computer vulnerability: 2/4.
Creation date: 14/12/2020.
Références of this announce: CVE-2020-27819, FEDORA-2020-688a51575a, FEDORA-2020-ad84def381, openSUSE-SU-2021:0812-1, VIGILANCE-VUL-34096.

Description of the vulnerability 

An attacker can force a NULL pointer to be dereferenced via xls2csv.c of libxls, in order to trigger a denial of service.
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

This cybersecurity weakness impacts software or systems such as Fedora, openSUSE Leap.

Our Vigil@nce team determined that the severity of this security vulnerability is medium.

The trust level is of type confirmed by the editor, with an origin of document.

An attacker with a expert ability can exploit this vulnerability bulletin.

Solutions for this threat 

Fedora 32-33: new libxls packages.
New packages are available:
  Fedora 32: libxls 1.5.3-3.fc32
  Fedora 33: libxls 1.6.1-2.fc33

openSUSE Leap 15.2: new libxls packages.
New packages are available:
  openSUSE Leap 15.2: libxls 1.6.2-lp152.2.3.1
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

Computer vulnerabilities tracking service 

Vigil@nce provides a network vulnerability alert. The Vigil@nce security watch publishes vulnerability bulletins about threats impacting the information system.