CVE-2016-0794 – libreoffice: Multiple out-of-bounds overflows in lwp filter
https://notcve.org/view.php?id=CVE-2016-0794
The lwp filter in LibreOffice before 5.0.4 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted LotusWordPro (lwp) document. El filtro lwp en LibreOffice en versiones anteriores a 5.0.4 permite a atacantes remotos causar una denegación de servicio (corrupción de memoria) o posiblemente tener otro impacto no especificado a través de un documento LotusWordPro (lwp) manipulado. Multiple flaws were found in the Lotus Word Pro (LWP) document format parser in LibreOffice. By tricking a user into opening a specially crafted LWP document, an attacker could possibly use this flaw to execute arbitrary code with the privileges of the user opening the file. • http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178036.html http://lists.opensuse.org/opensuse-updates/2016-05/msg00110.html http://lists.opensuse.org/opensuse-updates/2016-07/msg00050.html http://rhn.redhat.com/errata/RHSA-2016-2579.html http://www.debian.org/security/2016/dsa-3482 http://www.securitytracker.com/id/1035022 http://www.ubuntu.com/usn/USN-2899-1 https://www.libreoffice.org/about-us/security/advisories/cve-2016-0794 https://www.verisign.com& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2016-0795 – libreoffice: Multiple out-of-bounds overflows in lwp filter
https://notcve.org/view.php?id=CVE-2016-0795
LibreOffice before 5.0.5 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted LwpTocSuperLayout record in a LotusWordPro (lwp) document. LibreOffice en versiones anteriores a 5.0.5 permite a atacantes remotos causar una denegación de servicio (corrupción de memoria) o posiblemente tener otro impacto no especificado a través de un registro LwpTocSuperLayout manipulado en un documento LotusWordPro (lwp). Multiple flaws were found in the Lotus Word Pro (LWP) document format parser in LibreOffice. By tricking a user into opening a specially crafted LWP document, an attacker could possibly use this flaw to execute arbitrary code with the privileges of the user opening the file. • http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178036.html http://lists.opensuse.org/opensuse-updates/2016-05/msg00110.html http://lists.opensuse.org/opensuse-updates/2016-07/msg00050.html http://rhn.redhat.com/errata/RHSA-2016-2579.html http://www.debian.org/security/2016/dsa-3482 http://www.securitytracker.com/id/1035022 http://www.ubuntu.com/usn/USN-2899-1 https://www.libreoffice.org/about-us/security/advisories/cve-2016-0795 https://www.verisign.com& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2015-5212 – libreoffice: Integer underflow in PrinterSetup length
https://notcve.org/view.php?id=CVE-2015-5212
Integer underflow in LibreOffice before 4.4.5 and Apache OpenOffice before 4.1.2, when the configuration setting "Load printer settings with the document" is enabled, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via crafted PrinterSetup data in an ODF document. Desbordamiento de entero en LibreOffice en versiones anteriores a 4.4.5 y Apache OpenOffice en versiones anteriores a 4.1.2, cuando está habilitado el ajuste de configuración 'Load printer settings with the document', permite a atacantes remotos causar una denegación de servicio (consumo de memoria y caída de la aplicación) o posiblemente ejecutar código arbitrario a través de datos PrinterSetup manipulados en un documento ODF. An integer underflow flaw leading to a heap-based buffer overflow when parsing PrinterSetup data was discovered. By tricking a user into opening a specially crafted document, an attacker could possibly exploit this flaw to execute arbitrary code with the privileges of the user opening the file. • http://rhn.redhat.com/errata/RHSA-2015-2619.html http://www.debian.org/security/2015/dsa-3394 http://www.libreoffice.org/about-us/security/advisories/cve-2015-5212 http://www.openoffice.org/security/cves/CVE-2015-5212.html http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html http://www.securityfocus.com/bid/77486 http://www.securitytracker.com/id/1034085 http://www.securitytracker.com/id/1034091 http://www.ubuntu.com/usn/USN-2793-1 https://s • CWE-190: Integer Overflow or Wraparound CWE-191: Integer Underflow (Wrap or Wraparound) •
CVE-2015-5214 – libreoffice: Bookmarks in DOC documents are insufficiently checked causing memory corruption
https://notcve.org/view.php?id=CVE-2015-5214
LibreOffice before 4.4.6 and 5.x before 5.0.1 and Apache OpenOffice before 4.1.2 allows remote attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via an index to a non-existent bookmark in a DOC file. LibreOffice en versiones anteriores a 4.4.6 y 5.x en versiones anteriores a 5.0.1 y Apache OpenOffice en versiones anteriores a 4.1.2 permite a atacantes remotos causar una denegación de servicio (corrupción de memoria y caída de la aplicación) o ejecutar código arbitrario a través de un índice a un marcador inexistente en un documento DOC. It was discovered that LibreOffice did not properly sanity check bookmark indexes. By tricking a user into opening a specially crafted document, an attacker could possibly use this flaw to execute arbitrary code with the privileges of the user opening the file. • http://rhn.redhat.com/errata/RHSA-2015-2619.html http://www.debian.org/security/2015/dsa-3394 http://www.libreoffice.org/about-us/security/advisories/cve-2015-5214 http://www.openoffice.org/security/cves/CVE-2015-5214.html http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html http://www.securityfocus.com/bid/77486 http://www.securitytracker.com/id/1034086 http://www.securitytracker.com/id/1034091 http://www.ubuntu.com/usn/USN-2793-1 https://s • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-129: Improper Validation of Array Index •
CVE-2015-4551 – libreoffice: Arbitrary file disclosure in Calc and Writer
https://notcve.org/view.php?id=CVE-2015-4551
LibreOffice before 4.4.5 and Apache OpenOffice before 4.1.2 uses the stored LinkUpdateMode configuration information in OpenDocument Format files and templates when handling links, which might allow remote attackers to obtain sensitive information via a crafted document, which embeds data from local files into (1) Calc or (2) Writer. LibreOffice en versiones anteriores a 4.4.5 y Apache OpenOffice en versiones anteriores a 4.1.2 usa la información de configuración LinkUpdateMode almacenada en archivos OpenDocument Format y plantillas cuando maneja enlaces, lo que podría permitir a atacantes remotos obtener información sensible a través de un documento manipulado, lo que incrusta datos desde archivos locales a (1) Calc o (2) Writer. It was discovered that LibreOffice did not properly restrict automatic link updates. By tricking a victim into opening specially crafted documents, an attacker could possibly use this flaw to disclose contents of files accessible by the victim. • http://rhn.redhat.com/errata/RHSA-2015-2619.html http://www.debian.org/security/2015/dsa-3394 http://www.libreoffice.org/about-us/security/advisories/cve-2015-4551 http://www.openoffice.org/security/cves/CVE-2015-4551.html http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html http://www.securityfocus.com/bid/77486 http://www.securitytracker.com/id/1034085 http://www.securitytracker.com/id/1034091 http://www.ubuntu.com/usn/USN-2793-1 https://s • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-787: Out-of-bounds Write •