CLD-365 Details
Other IDs this deficiency may be known by:
Basic Information:
| Affected Package(s) |
libreoffice |
| Deficiency Type |
SECURITY |
| Date Created |
2018-04-16 15:06:18 |
| Date Last Modified |
2018-04-17 11:03:17 |
Version Specific Information:
| Cucumber 1.0 i686 | fixed in libreoffice-5.3.7.2-i686-3 |
| Cucumber 1.0 x86_64 | fixed in libreoffice-5.3.7.2-x86_64-3 |
| Cucumber 1.1 i686 |
fixed in libreoffice-5.3.7.2-i686-3 |
| Cucumber 1.1 x86_64 |
fixed in libreoffice-5.3.7.2-x86_64-3 |
Details:
=================================== Overview ===================================
The SwCTBWrapper::Read function in sw/source/filter/ww8/ww8toolbar.cxx in
LibreOffice before 5.4.6.1 and 6.x before 6.0.2.1 does not validate a
customizations index, which allows remote attackers to cause a denial of
service (heap-based buffer overflow with write access) or possibly have
unspecified other impact via a crafted document.
================================= Our Analysis =================================
----- Affected Products -----
LibreOffice 5.3.7.2 as originally packaged in Cucumber Linux 1.0 and 1.1 is
vulnerable.
----- Scope and Impact of this Vulnerability -----
Denial of service (heap based buffer overflow) resulting in other possible
unspecified impacts via a specially crafter document.
----- Fix for this Vulnerability -----
Fixed in commit: https://gerrit.libreoffice.org/gitweb?p=core.git;a=commit;h=017fcc2fcd00af17a97bd5463d89662404f57667
================================= Our Solution =================================
We have applied the aforementioned patch and rebuilt.