Bug 872350 (CVE-2012-4233)

Summary: CVE-2012-4233 libreoffice: multiple null pointer dereference flaws
Product: [Other] Security Response
Reporter: Vincent Danen <vdanen>
Component: vulnerability
Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED NOTABUG
Severity: low
Priority: low
Version: unspecified
CC: caolanm, dtardon, erack, fweimer, jlieskov, ltinkl, mstahl, sbergman
Keywords: Security
Hardware: All
OS: Linux
Doc Type: Bug Fix
Last Closed: 2012-11-06 17:31:18 UTC

Description Vincent Danen 2012-11-01 20:40:10 UTC
It was reported [1] that LibreOffice suffered from multiple NULL pointer dereference flaws in at least version 3.5.5.3 and possibly earlier.  These flaws are reported to be corrected in 3.5.7.2 [2]; however, I am unable to find a specific reference for this CVE on the LibreOffice site.  Debian has released an advisory for OpenOffice.org [3], so it is presumably affected as well.

These flaws affect ODT files, ODG files, PPT files (when handling the PolyPolygon record within an embedded .wmf file), and XLS files.

Checking the LibreOffice git, I see two commits that may be relevant [4],[5].  However there are a lot of commits to go through between now and the time that High-Tech Bridge indicates they reported the flaws upstream (July 26th, 2012).

[1] https://www.htbridge.com/advisory/HTB23106
[2] http://www.libreoffice.org/download/release-notes/#LO355
[3] http://www.debian.org/security/2012/dsa-2570
[4] http://cgit.freedesktop.org/libreoffice/core/commit/?h=libreoffice-3-5-7&id=f95762beb3b5849bfaccd39523a11fe15b191d89
[5] http://cgit.freedesktop.org/libreoffice/core/commit/?h=libreoffice-3-5-7&id=8ca9fb05c9967f11670d045886438ddfa3ac02a7

Comment 1 David Tardon 2012-11-02 06:07:43 UTC
I thought our policy was not to consider application crash a security issue. Has this changed? Or what is it about these crashes that makes them special (as opposed to, e.g., crashes reported by abrt, which are not marked as security issues)?

Comment 3 Jan Lieskovsky 2012-11-02 13:45:13 UTC
Upstream advisory:
  https://www.libreoffice.org/advisories/cve-2012-4233/

Comment 17 Jan Lieskovsky 2012-11-06 17:31:18 UTC
Statement:

The Red Hat Security Response Team does not consider a user-assisted denial of service (and potential crash) of an end-user application, such as tools from the LibreOffice productivity suite, to be a security issue.