1306609 – (CVE-2016-0794, CVE-2016-0795) CVE-2016-0794 CVE-2016-0795 libreoffice: Multiple out-of-bounds overflows in lwp filter

Bug 1306609 (CVE-2016-0794, CVE-2016-0795) - CVE-2016-0794 CVE-2016-0795 libreoffice: Multiple out-of-bounds overflows in lwp filter

Summary: CVE-2016-0794 CVE-2016-0795 libreoffice: Multiple out-of-bounds overflows in ...

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2016-0794, CVE-2016-0795
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	1309207 1334176
Blocks:	1308578 1323912
TreeView+	depends on / blocked

Reported:	2016-02-11 12:46 UTC by Adam Mariš
Modified:	2019-11-14 07:26 UTC (History)
CC List:	3 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:	Multiple flaws were found in the Lotus Word Pro (LWP) document format parser in LibreOffice. By tricking a user into opening a specially crafted LWP document, an attacker could possibly use this flaw to execute arbitrary code with the privileges of the user opening the file.
Clone Of:
Environment:
Last Closed:	2019-06-08 02:48:18 UTC
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2016:2579	0	normal	SHIPPED_LIVE	Moderate: libreoffice security, bug fix, and enhancement update	2016-11-03 12:07:37 UTC

Description Adam Mariš 2016-02-11 12:46:22 UTC

Multiple out-of-bounds access vulnerabilities were found in lwp filter in libreoffice 5.0.5 and 5.0.4.

5.0.5
=====

https://github.com/LibreOffice/core/commit/e0dca588239c0902ea90fcdc2b6d0ee2b1525ec2

5.0.4
=====

https://github.com/LibreOffice/core/commit/539fda2d5527742023eb7ce537113639ed1c1982
https://github.com/LibreOffice/core/commit/64070e8f3ec976f48e233064795eff756b6d5146
https://github.com/LibreOffice/core/commit/21e0778bcbb2d90e471f59166e74c00aa044a1df
https://github.com/LibreOffice/core/commit/85a2cd37fc60cd53a892b27a18d4b5272988361c

Comment 2 Andrej Nemec 2016-02-17 08:15:52 UTC

Created libreoffice tracking bugs for this issue:

Affects: fedora-all [bug 1309207]

Comment 3 Andrej Nemec 2016-02-17 08:17:47 UTC

Public via:

http://www.ubuntu.com/usn/usn-2899-1/

Comment 4 Andrej Nemec 2016-02-17 13:31:20 UTC

LibreOffice advisories:

http://www.libreoffice.org/about-us/security/advisories/cve-2016-0794/
http://www.libreoffice.org/about-us/security/advisories/cve-2016-0795/

Comment 8 errata-xmlrpc 2016-11-03 19:03:21 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2016:2579 https://rhn.redhat.com/errata/RHSA-2016-2579.html

Note You need to log in before you can comment on or make changes to this bug.