CVE Vulnerabilities

CVE-2025-30379

Release of Invalid Pointer or Reference

Published: May 13, 2025 | Modified: May 19, 2025
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu

Release of invalid pointer or reference in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Weakness

The product attempts to return a memory resource to the system, but it calls the wrong release function or calls the appropriate release function incorrectly.

Affected Software

Name Vendor Start Version End Version
365_apps Microsoft - (including) - (including)
Excel Microsoft 2016 (including) 2016 (including)
Office Microsoft 2019 (including) 2019 (including)
Office_long_term_servicing_channel Microsoft 2021 (including) 2021 (including)
Office_long_term_servicing_channel Microsoft 2024 (including) 2024 (including)
Office_online_server Microsoft * 16.0.10417.20010 (excluding)

Extended Description

This weakness can take several forms, such as:

Potential Mitigations

  • Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.
  • For example, glibc in Linux provides protection against free of invalid pointers.

References