Other IDs this deficiency may be known by:
|Date Last Modified
Version Specific Information:
|Cucumber 1.0 i686||fixed in libreoffice-126.96.36.199-i686-1 |
|Cucumber 1.0 x86_64||fixed in libreoffice-188.8.131.52-x86_64-1 |
|Cucumber 1.1 i686
||fixed in libreoffice-184.108.40.206-i686-1 |
|Cucumber 1.1 x86_64
||fixed in libreoffice-220.127.116.11-x86_64-1 |
WP1StylesListener.cpp, WP5StylesListener.cpp, and WP42StylesListener.cpp in
libwpd 0.10.1 mishandle iterators, which allows remote attackers to cause a
denial of service (heap-based buffer over-read in the WPXTableList class in
WPXTable.cpp). This vulnerability can be triggered in LibreOffice before 5.3.7.
It may lead to suffering a remote attack against a LibreOffice application
It struck me as rather odd that this labeled as affecting LibreOffice before
5.3.7 since that version hasn't been released yet (as of Sat Sep 9 08:51:28 EDT
2017 the latest 5.3 version is 5.3.6).
LibreOffice as packaged with Cucumber Linux is vulnerable to this. Since there
is a patch that fixes this vulnerability and that patch has been applied in the
Git version of LibreOffice, there will probably be a 5.3.7 release fixing this
in the near future.