CVE-2017-7882
https://notcve.org/view.php?id=CVE-2017-7882
LibreOffice before 2017-03-14 has an out-of-bounds write related to the HWPFile::TagsRead function in hwpfilter/source/hwpfile.cxx. LibreOffice en versiones anteriores a 14-03-2017 tiene una escritura fuera de límites relacionada con la función HWPFile::TagsRead en hwpfilter/source/hwpfile.cxx. • http://www.libreoffice.org/about-us/security/advisories/cve-2017-7882 http://www.securityfocus.com/bid/97684 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=860 https://github.com/LibreOffice/core/commit/65dcd1d8195069c8c8acb3a188b8e5616c51029c • CWE-787: Out-of-bounds Write •
CVE-2017-7870 – libreoffice: Heap-buffer-overflow in tools::Polygon::Insert
https://notcve.org/view.php?id=CVE-2017-7870
LibreOffice before 2017-01-02 has an out-of-bounds write caused by a heap-based buffer overflow related to the tools::Polygon::Insert function in tools/source/generic/poly.cxx. LibreOffice en versiones anteriores a 02-01-2017 tiene una escritura fuera de límites provocado por un desbordamiento de búfer basado en memoria dinámica en relación con la función tools::Polygon::Insert en tools/source/generic/poly.cxx An out-of-bounds write flaw was found in the way Libreoffice rendered certain documents containing Polygon images. By tricking a user into opening a specially crafted LibreOffice file, an attacker could possibly use this flaw to execute arbitrary code with the privileges of the user opening the file. • http://www.debian.org/security/2017/dsa-3837 http://www.libreoffice.org/about-us/security/advisories/cve-2017-7870 http://www.securityfocus.com/bid/97671 http://www.securitytracker.com/id/1039029 https://access.redhat.com/errata/RHSA-2017:1975 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=372 https://github.com/LibreOffice/core/commit/62a97e6a561ce65e88d4c537a1b82c336f012722 https://security.gentoo.org/glsa/201706-28 https://access.redhat.com/security/cve/CVE-2017-7870 https: • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVE-2016-10327
https://notcve.org/view.php?id=CVE-2016-10327
LibreOffice before 2016-12-22 has an out-of-bounds write caused by a heap-based buffer overflow related to the EnhWMFReader::ReadEnhWMF function in vcl/source/filter/wmf/enhwmf.cxx. LibreOffice en versiones anteriores a 22-12-2016 tiene una escritura fuera de límites provocada por un desbordamiento de búfer basado en memoria dinámica relacionado con la función EnhWMFReader::ReadEnhWMF en VCL/fuente/filtro/WMF/enhwmf.cxx. • http://www.libreoffice.org/about-us/security/advisories/cve-2016-10327 http://www.securityfocus.com/bid/97668 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=313 https://github.com/LibreOffice/core/commit/7485fc2a1484f31631f62f97e5c64c0ae74c6416 https://security.gentoo.org/glsa/201706-28 • CWE-787: Out-of-bounds Write •
CVE-2017-7856
https://notcve.org/view.php?id=CVE-2017-7856
LibreOffice before 2017-03-11 has an out-of-bounds write caused by a heap-based buffer overflow in the SVMConverter::ImplConvertFromSVM1 function in vcl/source/gdi/svmconverter.cxx. LibreOffice en versiones anteriores a 11-03-2017 tiene una escritura fuera de límites provocado por un desbordamiento de búfer basado en memoria dinámica en la función SVMConverter::ImplConvertFromSVM1 en vcl/source/gdi/svmconverter.cxx • http://www.libreoffice.org/about-us/security/advisories/cve-2017-7856 http://www.securityfocus.com/bid/97667 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=817 https://github.com/LibreOffice/core/commit/28e61b634353110445e334ccaa415d7fb6629d62 • CWE-787: Out-of-bounds Write •
CVE-2016-4324
https://notcve.org/view.php?id=CVE-2016-4324
Use-after-free vulnerability in LibreOffice before 5.1.4 allows remote attackers to execute arbitrary code via a crafted RTF file, related to stylesheet and superscript tokens. Vulnerabilidad de uso después de liberación de memoria en LibreOffice en versiones anteriores a 5.1.4 permite a atacantes remotos ejecutar código arbitrario a través de un archivo RTF manipulado, relacionado con los tokens stylesheet y superscript. • http://www.debian.org/security/2016/dsa-3608 http://www.libreoffice.org/about-us/security/advisories/cve-2016-4324 http://www.securityfocus.com/bid/91499 http://www.securitytracker.com/id/1036209 http://www.talosintelligence.com/reports/TALOS-2016-0126 http://www.ubuntu.com/usn/USN-3022-1 https://security.gentoo.org/glsa/201611-03 • CWE-20: Improper Input Validation •