A NULL pointer dereference flaw was found in the way Apache OpenOffice and LibreOffice, office productivity suites, used to previously handle certain Microsoft Office Open XML format / Microsoft Office Word Macro-Enabled (DOCM) documents. A remote attacker could provide a specially-crafted DOCM format file that, when processed in some application from the Apache OpenOffice or LibreOffice suites would lead to that applications crash. References: [1] http://www.openoffice.org/security/cves/CVE-2013-4156.html [2] http://www.libreoffice.org/advisories/cve-2013-4156/
This issue affects the version of the openoffice.org package, as shipped with Red Hat Enterprise Linux 5. -- This issue affects the version of the libreoffice package, as shipped with Red Hat Enterprise Linux 6. -- This issue did not affect the versions of the libreoffice package, as shipped with Fedora release of 18 and 19.
(In reply to Jan Lieskovsky from comment #0) > A NULL pointer dereference flaw was found in the way Apache OpenOffice and > LibreOffice, office productivity suites, used to previously handle certain > Microsoft Office Open XML format / Microsoft Office Word Macro-Enabled > (DOCM) documents. A remote attacker could provide a specially-crafted DOCM > format file that, when processed in some application from the Apache > OpenOffice or LibreOffice suites would lead to that applications crash. I thought our policy was to ignore plain crashes?
Upstream commits: Apache OpenOffice: http://svn.apache.org/viewvc?view=revision&revision=r1491415 LibreOffice: http://cgit.freedesktop.org/libreoffice/core/commit/writerfilter/source/ooxml/OOXMLDocumentImpl.cxx?id=d94bda0c1fd3c618b98a63f76d71e129ad06d942
Statement: We do not consider a denial of service flaw in a client application such as OpenOffice to be a security issue.