CVE-2018-11790

CWE-6827 documents6 sources

Severity

7.8HIGH

EPSS

0.5%

top 34.03%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Openoffice Apache Software Foundation Apache Openoffice Canonical Ubuntu Linux

Timeline

PublishedJan 31

Latest updateMay 13

Description

When loading a document with Apache Open Office 4.1.5 and earlier with smaller end line termination than the operating system uses, the defect occurs. In this case OpenOffice runs into an Arithmetic Overflow at a string length calculation.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages4 packages

▶NVDapache/openoffice4.1.5

▶CVEListV5apache_software_foundation/apache_openofficeApache OpenOffice 4.1.5 and earlier

▶Debianlibreoffice< 1:4.0.3-1+3

▶Ubuntulibreoffice< 1:4.2.8-0ubuntu5.5+1

Also affects: Ubuntu Linux 14.04, 16.04

Patches

Patch: www.openoffice.org ↗Patch: www.openoffice.org ↗

🔴Vulnerability Details

GHSA

GHSA-jv89-hcw9-2wwr: When loading a document with Apache Open Office 4↗2022-05-13

▶

OSV

libreoffice vulnerabilities↗2019-02-06

▶

CVEList

CVE-2018-11790: When loading a document with Apache Open Office 4↗2019-01-31

▶

OSV

CVE-2018-11790: When loading a document with Apache Open Office 4↗2019-01-31

▶

📋Vendor Advisories

Ubuntu

LibreOffice vulnerabilities↗2019-02-06

▶

Debian

CVE-2018-11790: libreoffice - When loading a document with Apache Open Office 4.1.5 and earlier with smaller e...↗2018

▶