Arch Linux Security Advisory ASA-201607-3 ========================================= Severity: Critical Date : 2016-07-05 CVE-ID : CVE-2016-4324 Package : libreoffice-fresh Type : arbitrary code execution Remote : No Link : https://wiki.archlinux.org/index.php/CVE Summary ======= The package libreoffice-fresh before version 5.1.4-1 is vulnerable to arbitrary code execution. Resolution ========== Upgrade to 5.1.4-1. # pacman -Syu "libreoffice-fresh>=5.1.4-1" The problem has been fixed upstream in version 5.1.4. Workaround ========== None. Description =========== A use after free vulnerability was found in the RTF parser of LibreOffice. The vulnerability lies in the parsing of documents containing both stylesheet and superscript tokens. A specially crafted RTF document containing both a stylesheet and superscript element causes LibreOffice to access an invalid pointer referencing previously used memory on the heap. By carefully manipulating the contents of the heap, this vulnerability can be used to execute arbitrary code. Impact ====== An attacker is able to use a specially crafted RTF document that, when opened locally, is leading to arbitrary code execution. References ========== https://www.libreoffice.org/about-us/security/advisories/cve-2016-4324/ http://www.talosintelligence.com/reports/TALOS-2016-0126/ https://access.redhat.com/security/cve/CVE-2016-4324