An exploitable out-of-bounds write vulnerability exists in the PPTStyleSheet::PPTStyleSheet functionality of Apache OpenOffice. A specially crafted PPT file can cause an out-of-bounds write resulting in arbitrary code execution. An attacker can send/provide a malicious PPT file to trigger this vulnerability.

External References:

https://www.talosintelligence.com/reports/TALOS-2017-0300
https://www.openoffice.org/security/cves/CVE-2017-12607.html
https://www.libreoffice.org/about-us/security/advisories/CVE-2017-12607
Created libreoffice tracking bugs for this issue:

Affects: fedora-all [bug 1507808]
At a glance, this should be addressed by https://gerrit.libreoffice.org/gitweb?p=core.git;a=commitdiff_plain;h=6c401a7bdc4e0f5340203b9885e368cb96986aa1 . Is it possible to get a reproducer?
The actual commit fixing this is https://cgit.freedesktop.org/libreoffice/core/commit/?id=334dba623dfb0c4fb2b5292c2d03741b7b33aef1 -> no current Fedora is vulnerable.
As per the LibreOffice upstream advisory mentioned in comment 0, this issue is fixed in version 5.0.2; hence only the version shipped with Red Hat Enterprise Linux 6 is vulnerable.