Bug 1058025 - (CVE-2017-14226) VUL-0: CVE-2017-14226: libwpd: remote attack against LibreOffice via heap-based buffer over-read in the WPXTableList class
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P3 - Medium; Severity: Major
Assigned To: Security Team bot
https://smash.suse.de/issue/191704/
CVSSv2:SUSE:CVE-2017-14226:7.5:(AV:N/...
Reported: 2017-09-11 07:48 UTC by Alexander Bergmann
Modified: 2018-03-23 15:42 UTC
Found By: Security Response Team


Attachments
QA Reproducer (435 bytes, application/x-rar)
2017-09-11 07:53 UTC, Alexander Bergmann

Description Alexander Bergmann 2017-09-11 07:48:43 UTC
rh#1489337

WP1StylesListener.cpp, WP5StylesListener.cpp, and WP42StylesListener.cpp in
libwpd 0.10.1 mishandle iterators, which allows remote attackers to cause a
denial of service (heap-based buffer over-read in the WPXTableList class in
WPXTable.cpp). This vulnerability can be triggered in LibreOffice before 5.3.7.
It may lead to suffering a remote attack against a LibreOffice application.

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1489337
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-14226
http://www.cvedetails.com/cve/CVE-2017-14226/
https://cgit.freedesktop.org/libreoffice/core/commit/?id=dd89afa6ee8166b69e7a1e86f22616ca8fc122c9
https://sourceforge.net/p/libwpd/code/ci/0329a9c57f9b3b0efa0f09a5235dfd90236803a5/
https://sourceforge.net/p/libwpd/code/ci/f40827b3eae260ce657c67d9fecc855b09dea3c3/
https://sourceforge.net/p/libwpd/tickets/14/
https://bugs.documentfoundation.org/show_bug.cgi?id=112269
Comment 1 Alexander Bergmann 2017-09-11 07:53:10 UTC
Created attachment 740143
QA Reproducer

#> valgrind wpd2html POC1
...
==11954== ERROR SUMMARY: 21 errors from 11 contexts (suppressed: 0 from 0)
Segmentation fault (core dumped)
Comment 2 Tomáš Chvátal 2017-09-11 08:20:57 UTC
Is it urgent, or should we wait for the next LibreOffice update and make it a version bump?
Comment 3 Bernhard Wiedemann 2017-09-13 12:03:27 UTC
This is an autogenerated message for OBS integration:
This bug (1058025) was mentioned in
https://build.opensuse.org/request/show/525821 Factory / libwpd
Comment 5 Tomáš Chvátal 2017-11-02 12:03:41 UTC
The submission was sent to SLE12.
Comment 6 Swamp Workflow Management 2017-11-06 14:07:39 UTC
SUSE-SU-2017:2931-1: An update that fixes one vulnerability is now available.

Category: security (important)
Bug References: 1058025
CVE References: CVE-2017-14226
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP3 (src):    libwpd-0.10.2-2.4.1
SUSE Linux Enterprise Workstation Extension 12-SP2 (src):    libwpd-0.10.2-2.4.1
SUSE Linux Enterprise Software Development Kit 12-SP3 (src):    libwpd-0.10.2-2.4.1
SUSE Linux Enterprise Software Development Kit 12-SP2 (src):    libwpd-0.10.2-2.4.1
SUSE Linux Enterprise Desktop 12-SP3 (src):    libwpd-0.10.2-2.4.1
SUSE Linux Enterprise Desktop 12-SP2 (src):    libwpd-0.10.2-2.4.1
Comment 7 Swamp Workflow Management 2017-11-07 05:15:19 UTC
openSUSE-SU-2017:2943-1: An update that fixes one vulnerability is now available.

Category: security (important)
Bug References: 1058025
CVE References: CVE-2017-14226
Sources used:
openSUSE Leap 42.3 (src):    libwpd-0.10.2-8.1
openSUSE Leap 42.2 (src):    libwpd-0.10.2-5.3.1
Comment 8 Marcus Meissner 2017-12-19 16:16:17 UTC
released