Vulnerabilities > CVE-2017-14226 - Out-of-bounds Read vulnerability in multiple products

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
HIGH
network
low complexity
libreoffice
libwpd
CWE-125
nessus

Summary

WP1StylesListener.cpp, WP5StylesListener.cpp, and WP42StylesListener.cpp in libwpd 0.10.1 mishandle iterators, which allows remote attackers to cause a denial of service (heap-based buffer over-read in the WPXTableList class in WPXTable.cpp). This vulnerability can be triggered in LibreOffice before 5.3.7. It may lead to suffering a remote attack against a LibreOffice application.

Vulnerable Configurations

Part Description Count
Application
Libreoffice
296
Application
Libwpd
1

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Overread Buffers
    An adversary attacks a target by providing input that causes an application to read beyond the boundary of a defined buffer. This typically occurs when a value influencing where to start or stop reading is set to reflect positions outside of the valid memory location of the buffer. This type of attack may result in exposure of sensitive information, a system crash, or arbitrary code execution.

Nessus

  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-2931-1.NASL
    descriptionThis update for libwpd fixes the following issues: Security issue fixed : - CVE-2017-14226: WP1StylesListener.cpp, WP5StylesListener.cpp, and WP42StylesListener.cpp in libwpd 0.10.1 mishandle iterators, which allows remote attackers to cause a denial of service (heap-based buffer over-read in the WPXTableList class in WPXTable.cpp). This vulnerability can be triggered in LibreOffice before 5.3.7. It may lead to suffering a remote attack against a LibreOffice application. (bnc#1058025) Bugfixes : - Fix various crashes, leaks and hangs when reading damaged files found by oss-fuzz. - Fix crash when NULL is passed as input stream. - Use symbol visibility on Linux. The library only exports public functions now. - Avoid infinite loop. (libwpd#3) - Remove bashism. (libwpd#5) - Fix various crashes and hangs when reading broken files found with the help of american-fuzzy-lop. - Make --help output of all command line tools more help2man-friendly. - Miscellaneous fixes and cleanups. - Generate manpages for the libwpd-tools Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id104427
    published2017-11-07
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/104427
    titleSUSE SLED12 Security Update : libwpd (SUSE-SU-2017:2931-1)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2017-5128C8CFE2.NASL
    descriptionnew upstream release ---- - heap overflow in libwpd Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2018-01-15
    plugin id105876
    published2018-01-15
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/105876
    titleFedora 27 : libwpd (2017-5128c8cfe2)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2017-1274.NASL
    descriptionAccording to the version of the libwpd package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - WP1StylesListener.cpp, WP5StylesListener.cpp, and WP42StylesListener.cpp in libwpd 0.10.1 mishandle iterators, which allows remote attackers to cause a denial of service (heap-based buffer over-read in the WPXTableList class in WPXTable.cpp). This vulnerability can be triggered in LibreOffice before 5.3.7. It may lead to suffering a remote attack against a LibreOffice application.(CVE-2017-14226) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-06
    modified2017-11-02
    plugin id104327
    published2017-11-02
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/104327
    titleEulerOS 2.0 SP1 : libwpd (EulerOS-SA-2017-1274)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2017-1247.NASL
    descriptionThis update for libwpd fixes the following issues : Security issue fixed : - CVE-2017-14226: WP1StylesListener.cpp, WP5StylesListener.cpp, and WP42StylesListener.cpp in libwpd 0.10.1 mishandle iterators, which allows remote attackers to cause a denial of service (heap-based buffer over-read in the WPXTableList class in WPXTable.cpp). This vulnerability can be triggered in LibreOffice before 5.3.7. It may lead to suffering a remote attack against a LibreOffice application. (bnc#1058025) Bugfixes : - Fix various crashes, leaks and hangs when reading damaged files found by oss-fuzz. - Fix crash when NULL is passed as input stream. - Use symbol visibility on Linux. The library only exports public functions now. - Avoid infinite loop. (libwpd#3) - Remove bashism. (libwpd#5) - Fix various crashes and hangs when reading broken files found with the help of american-fuzzy-lop. - Make --help output of all command line tools more help2man-friendly. - Miscellaneous fixes and cleanups. - Generate manpages for the libwpd-tools This update was imported from the SUSE:SLE-12:Update update project.
    last seen2020-06-05
    modified2017-11-07
    plugin id104422
    published2017-11-07
    reporterThis script is Copyright (C) 2017-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/104422
    titleopenSUSE Security Update : libwpd (openSUSE-2017-1247)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2017-1275.NASL
    descriptionAccording to the version of the libwpd package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - WP1StylesListener.cpp, WP5StylesListener.cpp, and WP42StylesListener.cpp in libwpd 0.10.1 mishandle iterators, which allows remote attackers to cause a denial of service (heap-based buffer over-read in the WPXTableList class in WPXTable.cpp). This vulnerability can be triggered in LibreOffice before 5.3.7. It may lead to suffering a remote attack against a LibreOffice application.(CVE-2017-14226) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-06
    modified2017-11-02
    plugin id104328
    published2017-11-02
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/104328
    titleEulerOS 2.0 SP2 : libwpd (EulerOS-SA-2017-1275)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2017-63FF51C0DC.NASL
    descriptionnew upstream release ---- - heap overflow in libwpd Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2017-09-20
    plugin id103335
    published2017-09-20
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/103335
    titleFedora 26 : libwpd (2017-63ff51c0dc)