| Summary: | <app-office/libreoffice{-bin}-5.1.4.2: Dereference of invalid STL iterator on processing RTF file | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | ||
| Severity: | major | ||
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | https://bugzilla.redhat.com/show_bug.cgi?id=1351197 | ||
| Whiteboard: | A2 [glsa cve] | ||
| Package list: | Runtime testing required: | --- | |
| Bug Depends on: | 589284 | ||
| Bug Blocks: | |||
5.1.4.2 version bump pending: https://github.com/gentoo/gentoo/pull/1663 Ebuild added. Let's keep it in ~arch for a bit to see some testing. Please stabilize LibreOffice 5.1.4.2 and friends. See bug 589284 for the details. stabilization done. cleanup done, office out New GLSA Request filed. This issue was resolved and addressed in GLSA 201611-03 at https://security.gentoo.org/glsa/201611-03 by GLSA coordinator Aaron Bauman (b-man). |
From ${URL} : A use after free vulnerability was found in RTF parser of LibreOffice. The vulnerability lies in the parsing of documents containing both stylesheet and superscript tokens. A specially crafted RTF document containing both a stylesheet and superscript element causes LibreOffice to access an invalid pointer referencing previously used memory on the heap. By carefully manipulating the contents of the heap, this vulnerability can be used to execute arbitrary code. External References: https://www.libreoffice.org/about-us/security/advisories/cve-2016-4324/ http://blog.talosintel.com/2016/06/vulnerability-spotlight-libreoffice-rtf.html @maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.