Vulnerability CVE-2017-7870: Information
Description
LibreOffice before 2017-01-02 has an out-of-bounds write caused by a heap-based buffer overflow related to the tools::Polygon::Insert function in tools/source/generic/poly.cxx.
Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
---|---|---|---|---|---|---|
LibreOffice | sisyphus | 5.3.0.3-alt1 | 24.2.3.2-alt1 | ALT-PU-2017-1170-1 | 178229 | Fixed |
LibreOffice | p10 | 5.3.0.3-alt1 | 7.4.2.3-alt4 | ALT-PU-2017-1170-1 | 178229 | Fixed |
LibreOffice | p9 | 5.3.0.3-alt1 | 7.1.3.2-alt0.p9.1 | ALT-PU-2017-1170-1 | 178229 | Fixed |
LibreOffice | p8 | 5.3.7.2-alt0.M80P.1 | 6.2.8.2-alt0.M80P.1 | ALT-PU-2017-2719-1 | 195576 | Fixed |
LibreOffice | c10f1 | 5.3.0.3-alt1 | 7.4.2.3-alt4 | ALT-PU-2017-1170-1 | 178229 | Fixed |
LibreOffice | c9f2 | 5.3.0.3-alt1 | 6.3.0.3-alt6.c9.1 | ALT-PU-2017-1170-1 | 178229 | Fixed |
LibreOffice | p11 | 5.3.0.3-alt1 | 24.2.3.2-alt1 | ALT-PU-2017-1170-1 | 178229 | Fixed |
LibreOffice4 | c7 | 4.2-alt2.M70C.5 | 4.2-alt2.M70C.6 | ALT-PU-2017-2186-1 | 188064 | Fixed |
References to Advisories, Solutions, and Tools
Hyperlink | Resource |
---|---|
https://github.com/LibreOffice/core/commit/62a97e6a561ce65e88d4c537a1b82c336f012722 |
|
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=372 |
|
97671 |
|
GLSA-201706-28 | |
1039029 | |
DSA-3837 | |
http://www.libreoffice.org/about-us/security/advisories/cve-2017-7870/ | |
RHSA-2017:1975 |