CVE-2017-14226

Name of the Vulnerable Software and Affected Versions libwpd version 0.10.1 LibreOffice versions prior to 5.3.7

Description The issue arises from the mishandling of iterators in WP1StylesListener.cpp, WP5StylesListener.cpp, and WP42StylesListener.cpp in libwpd 0.10.1. This mishandling allows remote attackers to cause a denial of service due to a heap-based buffer over-read in the WPXTableList class in WPXTable.cpp. The vulnerability can be triggered in LibreOffice applications before version 5.3.7, potentially leading to a remote attack against the application.

Recommendations For libwpd version 0.10.1, consider updating to a version that fixes the iterator mishandling issue. For LibreOffice versions prior to 5.3.7, update to version 5.3.7 or later to resolve the vulnerability. As a temporary workaround, consider restricting access to the WPXTableList class in WPXTable.cpp until a patch is available.