1444054 – (CVE-2017-7856) CVE-2017-7856 libreoffice: Heap-buffer-overflow in SVMConverter::ImplConvertFromSVM1

Bug 1444054 (CVE-2017-7856) - CVE-2017-7856 libreoffice: Heap-buffer-overflow in SVMConverter::ImplConvertFromSVM1

Summary: CVE-2017-7856 libreoffice: Heap-buffer-overflow in SVMConverter::ImplConvertF...

Keywords:
Status:	CLOSED NOTABUG
Alias:	CVE-2017-7856
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	1444065
Blocks:	1444063
TreeView+	depends on / blocked

Reported:	2017-04-20 13:36 UTC by Andrej Nemec
Modified:	2019-09-29 14:11 UTC (History)
CC List:	5 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2017-04-21 13:14:57 UTC
Embargoed:

Attachments	(Terms of Use)

Description Andrej Nemec 2017-04-20 13:36:12 UTC

LibreOffice has an out-of-bounds write caused by a heap-based buffer overflow in the SVMConverter::ImplConvertFromSVM1 function in vcl/source/gdi/svmconverter.cxx.

References:

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=817

Upstream patch:

https://github.com/LibreOffice/core/commit/28e61b634353110445e334ccaa415d7fb6629d62

Comment 1 Andrej Nemec 2017-04-20 13:45:08 UTC

Created libreoffice tracking bugs for this issue:

Affects: fedora-all [bug 1444065]

Comment 2 Caolan McNamara 2017-04-21 11:03:55 UTC

This particular CVE refers specifically to https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=817 which is a bug introduced on the 19 Jan 2017 and fixed on 11 March 2017, so there was never a release with this bug in it.

Note You need to log in before you can comment on or make changes to this bug.