PT-2018-2472 · Document Foundation+4 · Libreoffice+4

Publicado

2018-02-22

Atualizado

2024-06-15

CVE-2018-10119

CVSS v3.1

7.8

Alta

Vetor

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions LibreOffice versions prior to 5.4.5.1 LibreOffice versions 6.x prior to 6.0.1.1

Description The issue is related to the use of an incorrect integer data type in the StgSmallStrm class, which can lead to a denial of service or possibly other impacts via a crafted document using the structured storage ole2 wrapper file format. This is also associated with a use-after-free vulnerability in the SwCTBWrapper::Read function, allowing remote attackers to cause a denial of service with a specially formed file.

Recommendations For LibreOffice versions prior to 5.4.5.1, update to version 5.4.5.1 or later. For LibreOffice versions 6.x prior to 6.0.1.1, update to version 6.0.1.1 or later.

Exploit

Correção

DoS

Use After Free

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-416

Identificadores relacionados

ALT-PU-2018-1273

BDU:2019-00715

CVE-2018-10119

DLA-1356-1

DSA-4178-1

MGASA-2018-0271

OPENSUSE-SU-2018_1311-1

OPENSUSE-SU-2024:10983-1

RHSA-2018:3054

RHSA-2018_3054

SUSE-SU-2018:1296-1

SUSE-SU-2018_1296-1

USN-3883-1

Produtos afetados

Alt Linux

Libreoffice

Red Hat

Suse

Ubuntu

PT-2018-2472 · Document Foundation+4 · Libreoffice+4

CVE-2018-10119

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 101