CLD-364 Details

Other IDs this deficiency may be known by:

CVE ID CVE-2018-10119 (nvd) (mitre) (debian) (archlinux) (red hat) (suse) (ubuntu)
Other ID(s)

Basic Information:

Affected Package(s) libreoffice
Deficiency Type SECURITY
Date Created 2018-04-16 15:05:55
Date Last Modified 2018-04-17 11:03:16

Version Specific Information:

Cucumber 1.0 i686 fixed in libreoffice-5.3.7.2-i686-3
Cucumber 1.0 x86_64 fixed in libreoffice-5.3.7.2-x86_64-3

Cucumber 1.1 i686 fixed in libreoffice-5.3.7.2-i686-3
Cucumber 1.1 x86_64 fixed in libreoffice-5.3.7.2-x86_64-3

Details:

=================================== Overview ===================================

sot/source/sdstor/stgstrms.cxx in LibreOffice before 5.4.5.1 and 6.x before
6.0.1.1 uses an incorrect integer data type in the StgSmallStrm class, which
allows remote attackers to cause a denial of service (use-after-free with write
access) or possibly have unspecified other impact via a crafted document. 

================================= Our Analysis =================================

----- Affected Products -----
LibreOffice 5.3.7.2 as originally packaged in Cucumber Linux 1.0 and 1.1 is
vulnerable.

----- Scope and Impact of this Vulnerability -----
Denial of service (use after free) resulting in other possible unspecified
impacts via a specially crafter document.

----- Fix for this Vulnerability -----
Fixed in commit: https://gerrit.libreoffice.org/gitweb?p=core.git;a=patch;h=fdd41c995d1f719e92c6f083e780226114762f05

================================= Our Solution =================================

We have applied the aforementioned patch and rebuilt.