635966 – (CVE-2017-9432) <app-text/libstaroffice-0.0.4: Out of bounds write (CVE-2017-9432)

Bug 635966 (CVE-2017-9432) - <app-text/libstaroffice-0.0.4: Out of bounds write (CVE-2017-9432)

Summary: <app-text/libstaroffice-0.0.4: Out of bounds write (CVE-2017-9432)

Status:	RESOLVED FIXED

Alias:	CVE-2017-9432

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal trivial (vote)
Assignee:	Gentoo Security

URL:
Whiteboard:	~2 [noglsa cve]
Keywords:

Depends on:
Blocks:

Reported:	2017-10-31 00:54 UTC by GLSAMaker/CVETool Bot
Modified:	2017-11-11 02:38 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description GLSAMaker/CVETool Bot gentoo-dev

2017-10-31 00:54:46 UTC

CVE-2017-9432 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9432):
  Document Liberation Project libstaroffice before 2017-04-07 has an
  out-of-bounds write caused by a stack-based buffer overflow related to the
  DatabaseName::read function in lib/StarWriterStruct.cxx.

Comment 1 Christopher Díaz Riveros (RETIRED) gentoo-dev

2017-10-31 00:55:36 UTC

@Maintainers could you please let us know if we are affected? 

Thank you

Comment 2 Andreas Sturmlechner gentoo-dev

2017-11-10 19:44:22 UTC

From your $URL:

"versions up to (including) 0.0.3"

This version was never stable and is not in tree anymore.

Comment 3 Christopher Díaz Riveros (RETIRED) gentoo-dev

2017-11-11 02:38:12 UTC

(In reply to Andreas Sturmlechner from comment #2)
> From your $URL:
> 
> "versions up to (including) 0.0.3"
> 
> This version was never stable and is not in tree anymore.

Yes, that's why the ~2:

>Package that never had an affected version stable


Thank you, closing as RESOLVED since 0.0.3 is no longer in tree.