LibreOffice before versions 18.104.22.168 and 22.214.171.124 has a missing bounds check in sw/source/filter/ww8/ww8toolbar.cxx:SwCTBWrapper::Read() allowing for an out of bounds write. An attacker could exploit this to cause a denial of service via crafted document.
Created libreoffice tracking bugs for this issue:
Affects: fedora-all [bug 1569841]
This issue has been addressed in the following products:
Red Hat Enterprise Linux 7
Via RHSA-2018:3054 https://access.redhat.com/errata/RHSA-2018:3054