| Errata ID | 351 |
|---|---|
| Date | 2018-05-08 |
| Source package | libreoffice |
| Fixed in version | 1:4.3.3-2+deb8u11 |
| Description | This update addresses the following issues: * A vulnerability in OpenOffice's PPT file parser allows attackers to craft malicious documents that cause denial of service (memory corruption and application crash) potentially resulting in arbitrary code execution. (CVE-2017-12607) * A vulnerability in Apache OpenOffice Writer DOC file parser allows attackers to craft malicious documents that cause denial of service (memory corruption and application crash) potentially resulting in arbitrary code execution. (CVE-2017-12608) * Remote arbitrary file disclosure vulnerability via WEBSERVICE formula (CVE-2018-6871) * Use after free in sdstor/stgstrms.cxx:StgSmallStrm class allows for denial of service with crafted document. (CVE-2018-10119) * Out of bounds write in filter/ww8/ww8toolbar.cxx:SwCTBWrapper class allows for denial of service with crafted document. (CVE-2018-10120) |
| Additional notes | |
| CVE ID | CVE-2017-12607 CVE-2017-12608 CVE-2018-6871 CVE-2018-10120 CVE-2018-10119 |
| UCS Bug number | #45916 |
