Vulnerabilities > CVE-2017-7870 - Out-of-bounds Write vulnerability in Libreoffice
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
LibreOffice before 2017-01-02 has an out-of-bounds write caused by a heap-based buffer overflow related to the tools::Polygon::Insert function in tools/source/generic/poly.cxx.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family Windows NASL id LIBREOFFICE_530.NASL description The version of LibreOffice installed on the remote Windows host is prior to 5.1, 5.1.x prior to 5.1.6, or 5.2.x prior to 5.2.5. It is, therefore, affected by multiple vulnerabilities : - An overflow condition exists when processing EMF files, specifically in the EnhWMFReader::ReadEnhWMF() function within file vcl/source/filter/wmf/enhwmf.cxx, due to improper validation of a certain offset value in the header that precedes bitmap data. An unauthenticated, remote attacker can exploit this, via a specially crafted enhanced metafile file (EMF), to cause a denial of service condition or the execution of arbitrary code. Note that this vulnerability does not affect version 5.1.x. (CVE-2016-10327) - A file disclosure vulnerability exists due to a flaw in the content preview feature when handling embedded objects. An unauthenticated, remote attacker can exploit this, via a specially crafted file, to disclose details of a file on the hosting system. (CVE-2017-3157) - An overflow condition exists in the Polygon::Insert() function within file tools/source/generic/poly.cxx when processing polygons in Windows metafiles (WMF) that under certain circumstances result in polygons with more points than can represented in LibreOffice last seen 2020-06-01 modified 2020-06-02 plugin id 97496 published 2017-03-02 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/97496 title LibreOffice < 5.1.6 / 5.2.5 / 5.3.0 Multiple Vulnerabilities code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(97496); script_version("1.7"); script_cvs_date("Date: 2019/11/13"); script_cve_id("CVE-2016-10327", "CVE-2017-3157", "CVE-2017-7870"); script_bugtraq_id(96402, 97668, 97671); script_name(english:"LibreOffice < 5.1.6 / 5.2.5 / 5.3.0 Multiple Vulnerabilities"); script_summary(english:"Checks the version of LibreOffice."); script_set_attribute(attribute:"synopsis", value: "An application installed on the remote host is affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "The version of LibreOffice installed on the remote Windows host is prior to 5.1, 5.1.x prior to 5.1.6, or 5.2.x prior to 5.2.5. It is, therefore, affected by multiple vulnerabilities : - An overflow condition exists when processing EMF files, specifically in the EnhWMFReader::ReadEnhWMF() function within file vcl/source/filter/wmf/enhwmf.cxx, due to improper validation of a certain offset value in the header that precedes bitmap data. An unauthenticated, remote attacker can exploit this, via a specially crafted enhanced metafile file (EMF), to cause a denial of service condition or the execution of arbitrary code. Note that this vulnerability does not affect version 5.1.x. (CVE-2016-10327) - A file disclosure vulnerability exists due to a flaw in the content preview feature when handling embedded objects. An unauthenticated, remote attacker can exploit this, via a specially crafted file, to disclose details of a file on the hosting system. (CVE-2017-3157) - An overflow condition exists in the Polygon::Insert() function within file tools/source/generic/poly.cxx when processing polygons in Windows metafiles (WMF) that under certain circumstances result in polygons with more points than can represented in LibreOffice's internal polygon class. An unauthenticated, remote attacker can exploit this, via a specially crafted WMF file, to cause a denial of service condition or the execution of arbitrary code. Note that this vulnerability does not affect version 5.1.x. (CVE-2017-7870) Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number."); script_set_attribute(attribute:"see_also", value:"https://www.libreoffice.org/about-us/security/advisories/cve-2016-10327/"); script_set_attribute(attribute:"see_also", value:"https://www.libreoffice.org/about-us/security/advisories/cve-2017-3157/"); script_set_attribute(attribute:"see_also", value:"https://www.libreoffice.org/about-us/security/advisories/cve-2017-7870/"); script_set_attribute(attribute:"solution", value: "Upgrade to LibreOffice version 5.1.6 / 5.2.5 / 5.3.0 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-7870"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"vuln_publication_date", value:"2016/12/22"); script_set_attribute(attribute:"patch_publication_date", value:"2017/02/22"); script_set_attribute(attribute:"plugin_publication_date", value:"2017/03/02"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:libreoffice:libreoffice"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Windows"); script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("libreoffice_installed.nasl"); script_require_keys("installed_sw/LibreOffice", "SMB/Registry/Enumerated"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("install_func.inc"); app_name = "LibreOffice"; get_kb_item_or_exit("SMB/Registry/Enumerated"); install = get_single_install(app_name:app_name, exit_if_unknown_ver:TRUE); version = install['version']; version_ui = install['display_version']; path = install['path']; if ( # < 5.x version =~ "^[0-4]($|[^0-9])" || # 5.0 < 5.1 version =~ "^5\.0($|[^0-9])" || # 5.1 < 5.1.6 version =~ "^5\.1($|\.[0-5])($|[^0-9])" || # 5.2 < 5.2.5 version =~ "^5\.2($|\.[0-4])($|[^0-9])" ) { port = get_kb_item("SMB/transport"); if (!port) port = 445; report = '\n Path : ' + path + '\n Installed version : ' + version_ui + '\n Fixed version : 5.1.6 / 5.2.5 / 5.3.0' + '\n'; security_report_v4(port:port, severity:SECURITY_HOLE, extra:report); exit(0); } else audit(AUDIT_INST_PATH_NOT_VULN, app_name, version_ui, path);
NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-3273-1.NASL description It was discovered that LibreOffice incorrectly handled EMF image files. If a user were tricked into opening a specially crafted EMF image file, a remote attacker could cause LibreOffice to crash, and possibly execute arbitrary code. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 99965 published 2017-05-03 reporter Ubuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/99965 title Ubuntu 14.04 LTS / 16.04 LTS / 16.10 : libreoffice vulnerabilities (USN-3273-1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Ubuntu Security Notice USN-3273-1. The text # itself is copyright (C) Canonical, Inc. See # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered # trademark of Canonical, Inc. # include("compat.inc"); if (description) { script_id(99965); script_version("3.7"); script_cvs_date("Date: 2019/09/18 12:31:47"); script_cve_id("CVE-2016-10327", "CVE-2017-7870"); script_xref(name:"USN", value:"3273-1"); script_name(english:"Ubuntu 14.04 LTS / 16.04 LTS / 16.10 : libreoffice vulnerabilities (USN-3273-1)"); script_summary(english:"Checks dpkg output for updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Ubuntu host is missing a security-related patch." ); script_set_attribute( attribute:"description", value: "It was discovered that LibreOffice incorrectly handled EMF image files. If a user were tricked into opening a specially crafted EMF image file, a remote attacker could cause LibreOffice to crash, and possibly execute arbitrary code. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://usn.ubuntu.com/3273-1/" ); script_set_attribute( attribute:"solution", value:"Update the affected libreoffice-core package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libreoffice-core"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.04"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.10"); script_set_attribute(attribute:"vuln_publication_date", value:"2017/04/14"); script_set_attribute(attribute:"patch_publication_date", value:"2017/05/02"); script_set_attribute(attribute:"plugin_publication_date", value:"2017/05/03"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"Ubuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Ubuntu Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("ubuntu.inc"); include("misc_func.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Ubuntu/release"); if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu"); release = chomp(release); if (! preg(pattern:"^(14\.04|16\.04|16\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 14.04 / 16.04 / 16.10", "Ubuntu " + release); if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu); flag = 0; if (ubuntu_check(osver:"14.04", pkgname:"libreoffice-core", pkgver:"1:4.2.8-0ubuntu5.1")) flag++; if (ubuntu_check(osver:"16.04", pkgname:"libreoffice-core", pkgver:"1:5.1.6~rc2-0ubuntu1~xenial2")) flag++; if (ubuntu_check(osver:"16.10", pkgname:"libreoffice-core", pkgver:"1:5.2.2-0ubuntu2.1")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : ubuntu_report_get() ); exit(0); } else { tested = ubuntu_pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libreoffice-core"); }
NASL family Debian Local Security Checks NASL id DEBIAN_DLA-910.NASL description CVE-2017-3157 Ben Hayak discovered that objects embedded in Writer and Calc documents may result in information disclosure. Please see https://www.libreoffice.org/about-us/security/advisories/cve-2017-3157 / for additional information. CVE-2017-7870 An out-of-bounds write caused by a heap-based buffer overflow was found in the Polygon class. For Debian 7 last seen 2020-03-17 modified 2017-04-24 plugin id 99604 published 2017-04-24 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/99604 title Debian DLA-910-1 : libreoffice security update NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2017-1975.NASL description An update for libreoffice is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and extended office suite. Security Fix(es) : * An out-of-bounds write flaw was found in the way Libreoffice rendered certain documents containing Polygon images. By tricking a user into opening a specially crafted LibreOffice file, an attacker could possibly use this flaw to execute arbitrary code with the privileges of the user opening the file. (CVE-2017-7870) Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section. last seen 2020-06-01 modified 2020-06-02 plugin id 102746 published 2017-08-25 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/102746 title CentOS 7 : libreoffice (CESA-2017:1975) NASL family MacOS X Local Security Checks NASL id MACOS_LIBREOFFICE_530.NASL description The version of LibreOffice installed on the remote Mac OS X or macOS host is prior to 5.1, 5.1.x prior to 5.1.6, or 5.2.x prior to 5.2.5. It is, therefore, affected by multiple vulnerabilities : - An overflow condition exists when processing EMF files, specifically in the EnhWMFReader::ReadEnhWMF() function within file vcl/source/filter/wmf/enhwmf.cxx, due to improper validation of a certain offset value in the header that precedes bitmap data. An unauthenticated, remote attacker can exploit this, via a specially crafted enhanced metafile file (EMF), to cause a denial of service condition or the execution of arbitrary code. Note that this vulnerability does not affect version 5.1.x. (CVE-2016-10327) - A file disclosure vulnerability exists due to a flaw in the content preview feature when handling embedded objects. An unauthenticated, remote attacker can exploit this, via a specially crafted file, to disclose details of a file on the hosting system. (CVE-2017-3157) - An overflow condition exists in the Polygon::Insert() function within file tools/source/generic/poly.cxx when processing polygons in Windows metafiles (WMF) that under certain circumstances result in polygons with more points than can represented in LibreOffice last seen 2020-06-01 modified 2020-06-02 plugin id 97497 published 2017-03-02 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/97497 title LibreOffice < 5.1.6 / 5.2.5 / 5.3.0 Multiple Vulnerabilities (macOS) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-3837.NASL description It was discovered that a buffer overflow in processing Windows Metafiles may result in denial of service or the execution of arbitrary code if a malformed document is opened. last seen 2020-06-01 modified 2020-06-02 plugin id 99717 published 2017-04-28 reporter This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/99717 title Debian DSA-3837-1 : libreoffice - security update NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201706-28.NASL description The remote host is affected by the vulnerability described in GLSA-201706-28 (LibreOffice: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in LibreOffice. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to open a specially crafted file using LibreOffice, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 101074 published 2017-06-28 reporter This script is Copyright (C) 2017-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/101074 title GLSA-201706-28 : LibreOffice: Multiple vulnerabilities NASL family SuSE Local Security Checks NASL id SUSE_SU-2017-2315-1.NASL description LibreOffice was updated to version 5.3.5.2, bringing new features and enhancements: Writer : - New last seen 2020-06-01 modified 2020-06-02 plugin id 102911 published 2017-09-01 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/102911 title SUSE SLED12 Security Update : libreoffice (SUSE-SU-2017:2315-1) NASL family Fedora Local Security Checks NASL id FEDORA_2017-7A7D2044C9.NASL description - CVE-2017-7870 Heap-buffer-overflow in WMF filter - CVE-2016-10327 Heap-buffer-overflow in EMF filter Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2017-05-16 plugin id 100192 published 2017-05-16 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/100192 title Fedora 24 : 1:libreoffice (2017-7a7d2044c9) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2017-1975.NASL description An update for libreoffice is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and extended office suite. Security Fix(es) : * An out-of-bounds write flaw was found in the way Libreoffice rendered certain documents containing Polygon images. By tricking a user into opening a specially crafted LibreOffice file, an attacker could possibly use this flaw to execute arbitrary code with the privileges of the user opening the file. (CVE-2017-7870) Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section. last seen 2020-06-01 modified 2020-06-02 plugin id 102107 published 2017-08-02 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/102107 title RHEL 7 : libreoffice (RHSA-2017:1975) NASL family SuSE Local Security Checks NASL id OPENSUSE-2017-807.NASL description LibreOffice was updated to version 5.3.3.2, bringing new features and enhancements : Writer : - New last seen 2020-06-05 modified 2017-07-13 plugin id 101517 published 2017-07-13 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/101517 title openSUSE Security Update : libreoffice (openSUSE-2017-807) NASL family SuSE Local Security Checks NASL id SUSE_SU-2017-1821-1.NASL description LibreOffice was updated to version 5.3.3.2, bringing new features and enhancements: Writer : - New last seen 2020-06-01 modified 2020-06-02 plugin id 101353 published 2017-07-10 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/101353 title SUSE SLED12 Security Update : libreoffice (SUSE-SU-2017:1821-1) NASL family SuSE Local Security Checks NASL id OPENSUSE-2017-1048.NASL description LibreOffice was updated to version 5.3.5.2, bringing new features and enhancements : Writer : - New last seen 2020-06-05 modified 2017-09-18 plugin id 103284 published 2017-09-18 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/103284 title openSUSE Security Update : libreoffice (openSUSE-2017-1048) NASL family Scientific Linux Local Security Checks NASL id SL_20170801_LIBREOFFICE_ON_SL7_X.NASL description Security Fix(es) : - An out-of-bounds write flaw was found in the way Libreoffice rendered certain documents containing Polygon images. By tricking a user into opening a specially crafted LibreOffice file, an attacker could possibly use this flaw to execute arbitrary code with the privileges of the user opening the file. (CVE-2017-7870) last seen 2020-03-18 modified 2017-08-22 plugin id 102646 published 2017-08-22 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/102646 title Scientific Linux Security Update : libreoffice on SL7.x x86_64 (20170801) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2017-1975.NASL description From Red Hat Security Advisory 2017:1975 : An update for libreoffice is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and extended office suite. Security Fix(es) : * An out-of-bounds write flaw was found in the way Libreoffice rendered certain documents containing Polygon images. By tricking a user into opening a specially crafted LibreOffice file, an attacker could possibly use this flaw to execute arbitrary code with the privileges of the user opening the file. (CVE-2017-7870) Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section. last seen 2020-06-01 modified 2020-06-02 plugin id 102291 published 2017-08-09 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/102291 title Oracle Linux 7 : libreoffice (ELSA-2017-1975)
Redhat
advisories |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
rpms |
|
References
- http://www.debian.org/security/2017/dsa-3837
- http://www.debian.org/security/2017/dsa-3837
- http://www.libreoffice.org/about-us/security/advisories/cve-2017-7870/
- http://www.libreoffice.org/about-us/security/advisories/cve-2017-7870/
- http://www.securityfocus.com/bid/97671
- http://www.securityfocus.com/bid/97671
- http://www.securitytracker.com/id/1039029
- http://www.securitytracker.com/id/1039029
- https://access.redhat.com/errata/RHSA-2017:1975
- https://access.redhat.com/errata/RHSA-2017:1975
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=372
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=372
- https://github.com/LibreOffice/core/commit/62a97e6a561ce65e88d4c537a1b82c336f012722
- https://github.com/LibreOffice/core/commit/62a97e6a561ce65e88d4c537a1b82c336f012722
- https://security.gentoo.org/glsa/201706-28
- https://security.gentoo.org/glsa/201706-28