Debian Libreoffice vulnerabilities

CVE-2018-10119 [HIGH] CVE-2018-10119: libreoffice - sot/source/sdstor/stgstrms.cxx in LibreOffice before 5.4.5.1 and 6.x before 6.0.... sot/source/sdstor/stgstrms.cxx in LibreOffice before 5.4.5.1 and 6.x before 6.0.1.1 uses an incorrect integer data type in the StgSmallStrm class, which allows remote attackers to cause a denial of service (use-after-free with write access) or possibly have unspecified other impact via a crafted document that uses the structured storage ole2 wrapper file format.

CVE-2018-10120 [HIGH] CVE-2018-10120: libreoffice - The SwCTBWrapper::Read function in sw/source/filter/ww8/ww8toolbar.cxx in LibreO... The SwCTBWrapper::Read function in sw/source/filter/ww8/ww8toolbar.cxx in LibreOffice before 5.4.6.1 and 6.x before 6.0.2.1 does not validate a customizations index, which allows remote attackers to cause a denial of service (heap-based buffer overflow with write access) or possibly have unspecified other impact via a crafted document that contains a certain Mic

CVE-2018-14939 [CRITICAL] CVE-2018-14939: libreoffice - The get_app_path function in desktop/unx/source/start.c in LibreOffice through 6... The get_app_path function in desktop/unx/source/start.c in LibreOffice through 6.0.5 mishandles the realpath function in certain environments such as FreeBSD libc, which might allow attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact if LibreOffice is automatically launched during web brows

CVE-2018-10583 [HIGH] CVE-2018-10583: libreoffice - An information disclosure vulnerability occurs when LibreOffice 6.0.3 and Apache... An information disclosure vulnerability occurs when LibreOffice 6.0.3 and Apache OpenOffice Writer 4.1.5 automatically process and initiate an SMB connection embedded in a malicious file, as demonstrated by xlink:href=file://192.168.0.2/test.jpg within an office:document-content element in a .odt XML document. Scope: local bookworm: open bullseye: open forky: op

CVE-2017-7870 [CRITICAL] CVE-2017-7870: libreoffice - LibreOffice before 2017-01-02 has an out-of-bounds write caused by a heap-based ... LibreOffice before 2017-01-02 has an out-of-bounds write caused by a heap-based buffer overflow related to the tools::Polygon::Insert function in tools/source/generic/poly.cxx. Scope: local bookworm: resolved (fixed in 1:5.2.5-1) bullseye: resolved (fixed in 1:5.2.5-1) forky: resolved (fixed in 1:5.2.5-1) sid: resolved (fixed in 1:5.2.5-1) trixie: resolved (fi

CVE-2017-9806 [HIGH] CVE-2017-9806: libreoffice - A vulnerability in the OpenOffice Writer DOC file parser before 4.1.4, and speci... A vulnerability in the OpenOffice Writer DOC file parser before 4.1.4, and specifically in the WW8Fonts Constructor, allows attackers to craft malicious documents that cause denial of service (memory corruption and application crash) potentially resulting in arbitrary code execution. Scope: local bookworm: resolved (fixed in 1:3.4.3-1) bullseye: resolved (fixed in

CVE-2017-12607 [HIGH] CVE-2017-12607: libreoffice - A vulnerability in OpenOffice's PPT file parser before 4.1.4, and specifically i... A vulnerability in OpenOffice's PPT file parser before 4.1.4, and specifically in PPTStyleSheet, allows attackers to craft malicious documents that cause denial of service (memory corruption and application crash) potentially resulting in arbitrary code execution. Scope: local bookworm: resolved (fixed in 1:5.0.2-1) bullseye: resolved (fixed in 1:5.0.2-1) forky:

CVE-2017-12608 [HIGH] CVE-2017-12608: libreoffice - A vulnerability in Apache OpenOffice Writer DOC file parser before 4.1.4, and sp... A vulnerability in Apache OpenOffice Writer DOC file parser before 4.1.4, and specifically in ImportOldFormatStyles, allows attackers to craft malicious documents that cause denial of service (memory corruption and application crash) potentially resulting in arbitrary code execution. Scope: local bookworm: resolved (fixed in 1:5.0.2-1) bullseye: resolved (fixed

CVE-2017-3157 [MEDIUM] CVE-2017-3157: libreoffice - By exploiting the way Apache OpenOffice before 4.1.4 renders embedded objects, a... By exploiting the way Apache OpenOffice before 4.1.4 renders embedded objects, an attacker could craft a document that allows reading in a file from the user's filesystem. Information could be retrieved by the attacker by, e.g., using hidden sections to store the information, tricking the user into saving the document and convincing the user to send the document

CVE-2017-7856 [CRITICAL] CVE-2017-7856: libreoffice - LibreOffice before 2017-03-11 has an out-of-bounds write caused by a heap-based ... LibreOffice before 2017-03-11 has an out-of-bounds write caused by a heap-based buffer overflow in the SVMConverter::ImplConvertFromSVM1 function in vcl/source/gdi/svmconverter.cxx. Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved trixie: resolved

CVE-2017-8358 [CRITICAL] CVE-2017-8358: libreoffice - LibreOffice before 2017-03-17 has an out-of-bounds write caused by a heap-based ... LibreOffice before 2017-03-17 has an out-of-bounds write caused by a heap-based buffer overflow related to the ReadJPEG function in vcl/source/filter/jpeg/jpegc.cxx. Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved trixie: resolved

CVE-2017-7882 [CRITICAL] CVE-2017-7882: libreoffice - LibreOffice before 2017-03-14 has an out-of-bounds write related to the HWPFile:... LibreOffice before 2017-03-14 has an out-of-bounds write related to the HWPFile::TagsRead function in hwpfilter/source/hwpfile.cxx. Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved trixie: resolved

CVE-2016-10327 [CRITICAL] CVE-2016-10327: libreoffice - LibreOffice before 2016-12-22 has an out-of-bounds write caused by a heap-based ... LibreOffice before 2016-12-22 has an out-of-bounds write caused by a heap-based buffer overflow related to the EnhWMFReader::ReadEnhWMF function in vcl/source/filter/wmf/enhwmf.cxx. Scope: local bookworm: resolved (fixed in 1:5.2.5-1) bullseye: resolved (fixed in 1:5.2.5-1) forky: resolved (fixed in 1:5.2.5-1) sid: resolved (fixed in 1:5.2.5-1) trixie: resol

CVE-2016-0795 [HIGH] CVE-2016-0795: libreoffice - LibreOffice before 5.0.5 allows remote attackers to cause a denial of service (m... LibreOffice before 5.0.5 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted LwpTocSuperLayout record in a LotusWordPro (lwp) document. Scope: local bookworm: resolved (fixed in 1:5.0.5~rc1-1) bullseye: resolved (fixed in 1:5.0.5~rc1-1) forky: resolved (fixed in 1:5.0.5~rc1-1) sid: resolv

CVE-2016-1513 [HIGH] CVE-2016-1513: libreoffice - The Impress tool in Apache OpenOffice 4.1.2 and earlier allows remote attackers ... The Impress tool in Apache OpenOffice 4.1.2 and earlier allows remote attackers to cause a denial of service (out-of-bounds read or write) or execute arbitrary code via crafted MetaActions in an (1) ODP or (2) OTP file. Scope: local bookworm: resolved (fixed in 1:4.3.3-1) bullseye: resolved (fixed in 1:4.3.3-1) forky: resolved (fixed in 1:4.3.3-1) sid: resolved (f

CVE-2016-0794 [HIGH] CVE-2016-0794: libreoffice - The lwp filter in LibreOffice before 5.0.4 allows remote attackers to cause a de... The lwp filter in LibreOffice before 5.0.4 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted LotusWordPro (lwp) document. Scope: local bookworm: resolved (fixed in 1:5.0.5~rc1-1) bullseye: resolved (fixed in 1:5.0.5~rc1-1) forky: resolved (fixed in 1:5.0.5~rc1-1) sid: resolved (fixed in

CVE-2016-4324 [HIGH] CVE-2016-4324: libreoffice - Use-after-free vulnerability in LibreOffice before 5.1.4 allows remote attackers... Use-after-free vulnerability in LibreOffice before 5.1.4 allows remote attackers to execute arbitrary code via a crafted RTF file, related to stylesheet and superscript tokens. Scope: local bookworm: resolved (fixed in 1:5.1.4~rc1-1) bullseye: resolved (fixed in 1:5.1.4~rc1-1) forky: resolved (fixed in 1:5.1.4~rc1-1) sid: resolved (fixed in 1:5.1.4~rc1-1) trixie:

CVE-2015-5214 [MEDIUM] CVE-2015-5214: libreoffice - LibreOffice before 4.4.6 and 5.x before 5.0.1 and Apache OpenOffice before 4.1.2... LibreOffice before 4.4.6 and 5.x before 5.0.1 and Apache OpenOffice before 4.1.2 allows remote attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via an index to a non-existent bookmark in a DOC file. Scope: local bookworm: resolved (fixed in 1:5.0.1~rc2-1) bullseye: resolved (fixed in 1:5.0.1~rc2-1) forky:

CVE-2015-5212 [MEDIUM] CVE-2015-5212: libreoffice - Integer underflow in LibreOffice before 4.4.5 and Apache OpenOffice before 4.1.2... Integer underflow in LibreOffice before 4.4.5 and Apache OpenOffice before 4.1.2, when the configuration setting "Load printer settings with the document" is enabled, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via crafted PrinterSetup data in an ODF document. Scope: local book

CVE-2015-1774 [MEDIUM] CVE-2015-1774: libreoffice - The HWP filter in LibreOffice before 4.3.7 and 4.4.x before 4.4.2 and Apache Ope... The HWP filter in LibreOffice before 4.3.7 and 4.4.x before 4.4.2 and Apache OpenOffice before 4.1.2 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted HWP document, which triggers an out-of-bounds write. Scope: local bookworm: resolved (fixed in 1:4.4.2-1) bullseye: resolved (fixed in 1:4.4.2-1) forky: