Arthur Chan

**Name of the Vulnerable Software and Affected Versions** LibreOffice (affected versions not specified) **Description** A stack buffer overflow occurs when importing presentations in the legacy binary PPT format. The issue arises during the import of a colour-replacement record where two fixed-size colour tables are filled from the file. Because the write position is not reset between the two passes over the record, a file with combined colour counts exceeding the table size writes past the end of the tables on the stack. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** LibreOffice Calc (affected versions not specified) **Description** A heap buffer overflow occurs during the compilation of cell formulas when opening a spreadsheet. This issue is triggered by very long formulas containing numerous opening tokens. The array used to track nesting depth is allocated with one element too few for the worst-case scenario, causing the formula to write one element beyond the array boundary. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** LibreOffice Calc (affected versions not specified) **Description** A heap buffer overflow occurs during the import of tracked changes from a spreadsheet document. This happens when a document reuses the same change identifier for two different types of changes, causing the importer to treat a change object as a larger type and write data beyond the allocated memory boundary. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cloud Foundry UAA versions v76.12.0 through v78.12.0 CF Deployment versions v30.0.0 through v56.0.0 **Description** Private key exposure occurs when the server inadvertently reveals Elliptic Curve (EC) private keys through the public '/token keys' endpoint. While this endpoint is intended to provide public key material for JSON Web Token (JWT) verification, it incorrectly exposes private key components for EC keys. This issue specifically affects deployments using EC keys for JWT token signing and does not impact RSA key configurations. **Recommendations** Update Cloud Foundry UAA to version v78.13.0 or later. Update CF Deployment to version v56.1.0 or later.