CVE-2017-14226
https://notcve.org/view.php?id=CVE-2017-14226
WP1StylesListener.cpp, WP5StylesListener.cpp, and WP42StylesListener.cpp in libwpd 0.10.1 mishandle iterators, which allows remote attackers to cause a denial of service (heap-based buffer over-read in the WPXTableList class in WPXTable.cpp). This vulnerability can be triggered in LibreOffice before 5.3.7. It may lead to suffering a remote attack against a LibreOffice application. WP1StylesListener.cpp, WP5StylesListener.cpp, y WP42StylesListener.cpp en libwpd 0.10.1 no gestiona iteradores correctamente, lo que permite que atacantes remotos provoquen una denegación de servicio (sobrelectura de búfer basada en montículos en la clase WPXTableList en WPXTable.cpp). Esta vulnerabilidad puede desencadenarse en LibreOffice en versiones anteriores a la 5.3.7. • https://bugs.documentfoundation.org/show_bug.cgi?id=112269 https://bugzilla.redhat.com/show_bug.cgi?id=1489337 https://cgit.freedesktop.org/libreoffice/core/commit/?id=dd89afa6ee8166b69e7a1e86f22616ca8fc122c9 https://sourceforge.net/p/libwpd/code/ci/0329a9c57f9b3b0efa0f09a5235dfd90236803a5 https://sourceforge.net/p/libwpd/code/ci/f40827b3eae260ce657c67d9fecc855b09dea3c3 https://sourceforge.net/p/libwpd/tickets/14 • CWE-125: Out-of-bounds Read •
CVE-2017-8358
https://notcve.org/view.php?id=CVE-2017-8358
LibreOffice before 2017-03-17 has an out-of-bounds write caused by a heap-based buffer overflow related to the ReadJPEG function in vcl/source/filter/jpeg/jpegc.cxx. LibreOffice anterior al 17-03-2017 tiene una escritura fuera de rango causada por un desbordamiento de búfer basado en memoria dinámica, relacionado con la función ReadJPEG en vcl/source/filter/jpeg/jpegc.cxx. • http://www.securityfocus.com/bid/98395 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=889 https://github.com/LibreOffice/core/commit/6e6e54f944a5ebb49e9110bdeff844d00a96c56c • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVE-2017-7882
https://notcve.org/view.php?id=CVE-2017-7882
LibreOffice before 2017-03-14 has an out-of-bounds write related to the HWPFile::TagsRead function in hwpfilter/source/hwpfile.cxx. LibreOffice en versiones anteriores a 14-03-2017 tiene una escritura fuera de límites relacionada con la función HWPFile::TagsRead en hwpfilter/source/hwpfile.cxx. • http://www.libreoffice.org/about-us/security/advisories/cve-2017-7882 http://www.securityfocus.com/bid/97684 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=860 https://github.com/LibreOffice/core/commit/65dcd1d8195069c8c8acb3a188b8e5616c51029c • CWE-787: Out-of-bounds Write •
CVE-2017-7870 – libreoffice: Heap-buffer-overflow in tools::Polygon::Insert
https://notcve.org/view.php?id=CVE-2017-7870
LibreOffice before 2017-01-02 has an out-of-bounds write caused by a heap-based buffer overflow related to the tools::Polygon::Insert function in tools/source/generic/poly.cxx. LibreOffice en versiones anteriores a 02-01-2017 tiene una escritura fuera de límites provocado por un desbordamiento de búfer basado en memoria dinámica en relación con la función tools::Polygon::Insert en tools/source/generic/poly.cxx An out-of-bounds write flaw was found in the way Libreoffice rendered certain documents containing Polygon images. By tricking a user into opening a specially crafted LibreOffice file, an attacker could possibly use this flaw to execute arbitrary code with the privileges of the user opening the file. • http://www.debian.org/security/2017/dsa-3837 http://www.libreoffice.org/about-us/security/advisories/cve-2017-7870 http://www.securityfocus.com/bid/97671 http://www.securitytracker.com/id/1039029 https://access.redhat.com/errata/RHSA-2017:1975 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=372 https://github.com/LibreOffice/core/commit/62a97e6a561ce65e88d4c537a1b82c336f012722 https://security.gentoo.org/glsa/201706-28 https://access.redhat.com/security/cve/CVE-2017-7870 https: • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVE-2016-10327
https://notcve.org/view.php?id=CVE-2016-10327
LibreOffice before 2016-12-22 has an out-of-bounds write caused by a heap-based buffer overflow related to the EnhWMFReader::ReadEnhWMF function in vcl/source/filter/wmf/enhwmf.cxx. LibreOffice en versiones anteriores a 22-12-2016 tiene una escritura fuera de límites provocada por un desbordamiento de búfer basado en memoria dinámica relacionado con la función EnhWMFReader::ReadEnhWMF en VCL/fuente/filtro/WMF/enhwmf.cxx. • http://www.libreoffice.org/about-us/security/advisories/cve-2016-10327 http://www.securityfocus.com/bid/97668 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=313 https://github.com/LibreOffice/core/commit/7485fc2a1484f31631f62f97e5c64c0ae74c6416 https://security.gentoo.org/glsa/201706-28 • CWE-787: Out-of-bounds Write •