CVE-2016-10327
https://notcve.org/view.php?id=CVE-2016-10327
LibreOffice before 2016-12-22 has an out-of-bounds write caused by a heap-based buffer overflow related to the EnhWMFReader::ReadEnhWMF function in vcl/source/filter/wmf/enhwmf.cxx. LibreOffice en versiones anteriores a 22-12-2016 tiene una escritura fuera de límites provocada por un desbordamiento de búfer basado en memoria dinámica relacionado con la función EnhWMFReader::ReadEnhWMF en VCL/fuente/filtro/WMF/enhwmf.cxx. • http://www.libreoffice.org/about-us/security/advisories/cve-2016-10327 http://www.securityfocus.com/bid/97668 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=313 https://github.com/LibreOffice/core/commit/7485fc2a1484f31631f62f97e5c64c0ae74c6416 https://security.gentoo.org/glsa/201706-28 • CWE-787: Out-of-bounds Write •
CVE-2017-7856
https://notcve.org/view.php?id=CVE-2017-7856
LibreOffice before 2017-03-11 has an out-of-bounds write caused by a heap-based buffer overflow in the SVMConverter::ImplConvertFromSVM1 function in vcl/source/gdi/svmconverter.cxx. LibreOffice en versiones anteriores a 11-03-2017 tiene una escritura fuera de límites provocado por un desbordamiento de búfer basado en memoria dinámica en la función SVMConverter::ImplConvertFromSVM1 en vcl/source/gdi/svmconverter.cxx • http://www.libreoffice.org/about-us/security/advisories/cve-2017-7856 http://www.securityfocus.com/bid/97667 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=817 https://github.com/LibreOffice/core/commit/28e61b634353110445e334ccaa415d7fb6629d62 • CWE-787: Out-of-bounds Write •
CVE-2016-4324
https://notcve.org/view.php?id=CVE-2016-4324
Use-after-free vulnerability in LibreOffice before 5.1.4 allows remote attackers to execute arbitrary code via a crafted RTF file, related to stylesheet and superscript tokens. Vulnerabilidad de uso después de liberación de memoria en LibreOffice en versiones anteriores a 5.1.4 permite a atacantes remotos ejecutar código arbitrario a través de un archivo RTF manipulado, relacionado con los tokens stylesheet y superscript. • http://www.debian.org/security/2016/dsa-3608 http://www.libreoffice.org/about-us/security/advisories/cve-2016-4324 http://www.securityfocus.com/bid/91499 http://www.securitytracker.com/id/1036209 http://www.talosintelligence.com/reports/TALOS-2016-0126 http://www.ubuntu.com/usn/USN-3022-1 https://security.gentoo.org/glsa/201611-03 • CWE-20: Improper Input Validation •
CVE-2016-0794 – libreoffice: Multiple out-of-bounds overflows in lwp filter
https://notcve.org/view.php?id=CVE-2016-0794
The lwp filter in LibreOffice before 5.0.4 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted LotusWordPro (lwp) document. El filtro lwp en LibreOffice en versiones anteriores a 5.0.4 permite a atacantes remotos causar una denegación de servicio (corrupción de memoria) o posiblemente tener otro impacto no especificado a través de un documento LotusWordPro (lwp) manipulado. Multiple flaws were found in the Lotus Word Pro (LWP) document format parser in LibreOffice. By tricking a user into opening a specially crafted LWP document, an attacker could possibly use this flaw to execute arbitrary code with the privileges of the user opening the file. • http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178036.html http://lists.opensuse.org/opensuse-updates/2016-05/msg00110.html http://lists.opensuse.org/opensuse-updates/2016-07/msg00050.html http://rhn.redhat.com/errata/RHSA-2016-2579.html http://www.debian.org/security/2016/dsa-3482 http://www.securitytracker.com/id/1035022 http://www.ubuntu.com/usn/USN-2899-1 https://www.libreoffice.org/about-us/security/advisories/cve-2016-0794 https://www.verisign.com& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2016-0795 – libreoffice: Multiple out-of-bounds overflows in lwp filter
https://notcve.org/view.php?id=CVE-2016-0795
LibreOffice before 5.0.5 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted LwpTocSuperLayout record in a LotusWordPro (lwp) document. LibreOffice en versiones anteriores a 5.0.5 permite a atacantes remotos causar una denegación de servicio (corrupción de memoria) o posiblemente tener otro impacto no especificado a través de un registro LwpTocSuperLayout manipulado en un documento LotusWordPro (lwp). Multiple flaws were found in the Lotus Word Pro (LWP) document format parser in LibreOffice. By tricking a user into opening a specially crafted LWP document, an attacker could possibly use this flaw to execute arbitrary code with the privileges of the user opening the file. • http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178036.html http://lists.opensuse.org/opensuse-updates/2016-05/msg00110.html http://lists.opensuse.org/opensuse-updates/2016-07/msg00050.html http://rhn.redhat.com/errata/RHSA-2016-2579.html http://www.debian.org/security/2016/dsa-3482 http://www.securitytracker.com/id/1035022 http://www.ubuntu.com/usn/USN-2899-1 https://www.libreoffice.org/about-us/security/advisories/cve-2016-0795 https://www.verisign.com& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •