Bug 872350 (CVE-2012-4233) - CVE-2012-4233 libreoffice: multiple null pointer dereference flaws
Summary: CVE-2012-4233 libreoffice: multiple null pointer dereference flaws
Keywords:
Status: CLOSED NOTABUG
Alias: CVE-2012-4233
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: low
Severity: low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2012-11-01 20:40 UTC by Vincent Danen
Modified: 2021-02-17 08:27 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2012-11-06 17:31:18 UTC
Embargoed:


Description Vincent Danen 2012-11-01 20:40:10 UTC
It was reported [1] that LibreOffice suffered from multiple NULL pointer dereference flaws in at least version 3.5.5.3 and possibly earlier. These flaws are reported to be corrected in 3.5.7.2 [2], however I am unable to find a specific reference for this CVE on the LibreOffice site. Debian has released an advisory for OpenOffice.org [3] so it is presumably affected as well.

These flaws affect ODT files, ODG files, PPT files (when handling the PolyPolygon record within an embedded .wmf file), and XLS files.

Checking the LibreOffice git, I see two commits that may be relevant [4],[5].  However there are a lot of commits to go through between now and the time that High-Tech Bridge indicates they reported the flaws upstream (July 26th, 2012).

[1] https://www.htbridge.com/advisory/HTB23106
[2] http://www.libreoffice.org/download/release-notes/#LO355
[3] http://www.debian.org/security/2012/dsa-2570
[4] http://cgit.freedesktop.org/libreoffice/core/commit/?h=libreoffice-3-5-7&id=f95762beb3b5849bfaccd39523a11fe15b191d89
[5] http://cgit.freedesktop.org/libreoffice/core/commit/?h=libreoffice-3-5-7&id=8ca9fb05c9967f11670d045886438ddfa3ac02a7

Comment 1 David Tardon 2012-11-02 06:07:43 UTC
I thought our policy was not to consider application crash a security issue. Has this changed? Or what is it about these crashes that makes them special (as opposed to, e.g., crashes reported by abrt, which are not marked as security issues)?

Comment 3 Jan Lieskovsky 2012-11-02 13:45:13 UTC
Upstream advisory:
  https://www.libreoffice.org/advisories/cve-2012-4233/

Comment 17 Jan Lieskovsky 2012-11-06 17:31:18 UTC
Statement:

Red Hat Security Response Team does not consider a user assisted denial of service (and potential crash) of an end user application, such as tools from the LibreOffice productivity suite, to be a security issue.

