It was reported [1] that LibreOffice suffered from multiple NULL pointer dereference flaws in at least version 3.5.5.3 and possibly earlier. These flaws are reported to be corrected in 3.5.7.2 [2], however I am unable to find a specific reference for this CVE on the LibreOffice site. Debian has released an advisory for OpenOffice.org [3] so it presumably affected as well. These flaws affect ODT files, ODG files, PPT files (when handling the PolyPolygon record within an embedded .wmf file), and XLS files. Checking the LibreOffice git, I see two commits that may be relevant [4],[5]. However there are a lot of commits to go through between now and the time that High-Tech Bridge indicates they reported the flaws upstream (July 26th, 2012). [1] https://www.htbridge.com/advisory/HTB23106 [2] http://www.libreoffice.org/download/release-notes/#LO355 [3] http://www.debian.org/security/2012/dsa-2570 [4] http://cgit.freedesktop.org/libreoffice/core/commit/?h=libreoffice-3-5-7&id=f95762beb3b5849bfaccd39523a11fe15b191d89 [5] http://cgit.freedesktop.org/libreoffice/core/commit/?h=libreoffice-3-5-7&id=8ca9fb05c9967f11670d045886438ddfa3ac02a7
I thought our policy was not to consider application crash a security issue. Has this changed? Or what is it about these crashes that makes them special (as opposed to, e.g., crashes reported by abrt, which are not marked as security issues)?
Upstream advisory: https://www.libreoffice.org/advisories/cve-2012-4233/
Statement: Red Hat Security Response Team does not consider a user assisted denial of service (and potential crash) of end user application, such as tools from LibreOffice productivity suite, to be a security issue.