Vulnerability CVE-2017-7870: Information

Description

LibreOffice before 2017-01-02 has an out-of-bounds write caused by a heap-based buffer overflow related to the tools::Polygon::Insert function in tools/source/generic/poly.cxx.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2017-7870
Published: April 14, 2017
Modified: Jan. 5, 2018
Error type identifier: CWE-787

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
LibreOfficesisyphus5.3.0.3-alt124.2.3.2-alt1ALT-PU-2017-1170-1178229Fixed
LibreOfficep105.3.0.3-alt17.4.2.3-alt4ALT-PU-2017-1170-1178229Fixed
LibreOfficep95.3.0.3-alt17.1.3.2-alt0.p9.1ALT-PU-2017-1170-1178229Fixed
LibreOfficep85.3.7.2-alt0.M80P.16.2.8.2-alt0.M80P.1ALT-PU-2017-2719-1195576Fixed
LibreOfficec10f15.3.0.3-alt17.4.2.3-alt4ALT-PU-2017-1170-1178229Fixed
LibreOfficec9f25.3.0.3-alt16.3.0.3-alt6.c9.1ALT-PU-2017-1170-1178229Fixed
LibreOfficep115.3.0.3-alt124.2.3.2-alt1ALT-PU-2017-1170-1178229Fixed
LibreOffice4c74.2-alt2.M70C.54.2-alt2.M70C.6ALT-PU-2017-2186-1188064Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://github.com/LibreOffice/core/commit/62a97e6a561ce65e88d4c537a1b82c336f012722
  • Patch
  • Third Party Advisory
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=372
  • Third Party Advisory
  • VDB Entry
97671
  • Third Party Advisory
  • VDB Entry
GLSA-201706-28
    1039029
      DSA-3837
        http://www.libreoffice.org/about-us/security/advisories/cve-2017-7870/
          RHSA-2017:1975

              1. Configuration 1

                cpe:2.3:a:libreoffice:libreoffice:*:beta2:*:*:*:*:*:*
                End including
                5.3.0.0
            VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
            Version: v24.5.2
            Back to top