Package LibreOffice4 updated to version 4.2-alt2.M70C.5 for branch c7 in task 188064.

Published: 2017-01-02

BDU:2017-01549

Уязвимость функции tools::Polygon::Insert пакета офисных программ LibreOffice, позволяющая нарушителю вызвать отказ в обслуживании

Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

CVE-2017-7870
BID ID:97671

Published: 2017-04-14
Modified: 2024-11-21

CVE-2017-7870

LibreOffice before 2017-01-02 has an out-of-bounds write caused by a heap-based buffer overflow related to the tools::Polygon::Insert function in tools/source/generic/poly.cxx.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

DSA-3837
DSA-3837
http://www.libreoffice.org/about-us/security/advisories/cve-2017-7870/
http://www.libreoffice.org/about-us/security/advisories/cve-2017-7870/
97671
97671
1039029
1039029
RHSA-2017:1975
RHSA-2017:1975
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=372
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=372
https://github.com/LibreOffice/core/commit/62a97e6a561ce65e88d4c537a1b82c336f012722
https://github.com/LibreOffice/core/commit/62a97e6a561ce65e88d4c537a1b82c336f012722
GLSA-201706-28
GLSA-201706-28

Version: 2.1.0

Package LibreOffice4 update in c7 on 2017-09-12

ALT-PU-2017-2186-1

Closed vulnerabilities

BDU:2017-01549

CVE-2017-7870