Vulnerabilities > CVE-2017-8358 - Out-of-bounds Write vulnerability in Libreoffice
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
LibreOffice before 2017-03-17 has an out-of-bounds write caused by a heap-based buffer overflow related to the ReadJPEG function in vcl/source/filter/jpeg/jpegc.cxx.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family SuSE Local Security Checks NASL id SUSE_SU-2017-2315-1.NASL description LibreOffice was updated to version 5.3.5.2, bringing new features and enhancements: Writer : - New last seen 2020-06-01 modified 2020-06-02 plugin id 102911 published 2017-09-01 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/102911 title SUSE SLED12 Security Update : libreoffice (SUSE-SU-2017:2315-1) NASL family SuSE Local Security Checks NASL id OPENSUSE-2017-807.NASL description LibreOffice was updated to version 5.3.3.2, bringing new features and enhancements : Writer : - New last seen 2020-06-05 modified 2017-07-13 plugin id 101517 published 2017-07-13 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/101517 title openSUSE Security Update : libreoffice (openSUSE-2017-807) NASL family SuSE Local Security Checks NASL id SUSE_SU-2017-1821-1.NASL description LibreOffice was updated to version 5.3.3.2, bringing new features and enhancements: Writer : - New last seen 2020-06-01 modified 2020-06-02 plugin id 101353 published 2017-07-10 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/101353 title SUSE SLED12 Security Update : libreoffice (SUSE-SU-2017:1821-1) NASL family SuSE Local Security Checks NASL id OPENSUSE-2017-1048.NASL description LibreOffice was updated to version 5.3.5.2, bringing new features and enhancements : Writer : - New last seen 2020-06-05 modified 2017-09-18 plugin id 103284 published 2017-09-18 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/103284 title openSUSE Security Update : libreoffice (openSUSE-2017-1048)
References
- http://www.securityfocus.com/bid/98395
- http://www.securityfocus.com/bid/98395
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=889
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=889
- https://github.com/LibreOffice/core/commit/6e6e54f944a5ebb49e9110bdeff844d00a96c56c
- https://github.com/LibreOffice/core/commit/6e6e54f944a5ebb49e9110bdeff844d00a96c56c