An exploitable out-of-bounds write vulnerability exists in the WW8RStyle::ImportOldFormatStyles functionality of Apache OpenOffice 4.1.3. A specially crafted doc file can cause a out-of-bounds write resulting in arbitrary code execution. An attacker can send/provide malicious doc file to trigger this vulnerability. External References: https://www.talosintelligence.com/reports/TALOS-2017-0301 https://www.openoffice.org/security/cves/CVE-2017-12608.html https://www.libreoffice.org/about-us/security/advisories/CVE-2017-12608
Created libreoffice tracking bugs for this issue: Affects: fedora-all [bug 1507808]
Most likely fixed by https://gerrit.libreoffice.org/gitweb?p=core.git;a=commitdiff_plain;h=42a709d1ef647aab9a1c9422b4e25ecaee857aba , which would mean no Fedora version is vulnerable. Is there any reproducer?
Caolan confirms this is fixed by the mentioned commit, so no current Fedora is vulnerable.
As per LibreOffice upstream advisory mentioned in comment 0, this issue is fixed in version 5.0.2, hence only the version shipped with Red Hat Enterprise Linux 6 is vulnerable.