A denial of service flaw was found in the way the LibreOffice RTF Tokenizer used to resolve certain keywords being present in the Rich Text Format (RTF) document. A remote attacker could provide a specially-crafted RTF file, which once opened by a local, unsuspecting LibreOffice tools suite user would lead to excessive CPU usage by the tool used for opening that file. Upstream bug report: [1] https://bugs.freedesktop.org/show_bug.cgi?id=48640 Upstream patch (against 3.5 branch): [2] http://cgit.freedesktop.org/libreoffice/core/commit/?id=51c8c95b2864b49e7bcbd824eacedb5778a758c0&g=libreoffice-3-5 References: [3] http://didasec.wordpress.com/2012/04/16/libreoffice-3-5-2-2-soffice-exesoffice-bin-memory-corruption/ [4] http://shinnai.altervista.org/exploits/SH-016-20120416.html [5] http://seclists.org/fulldisclosure/2012/Apr/201
CVE Request: [6] http://www.openwall.com/lists/oss-security/2012/04/19/9
This issue did NOT affect the versions of the openoffice.org package, as shipped with Red Hat Enterprise Linux 5 and 6. -- This issue did NOT affect the versions of the libreoffice package, as shipped with Fedora release of 15 and 16.