[arch-security] [ASA-201607-3] libreoffice-fresh: arbitrary code execution
Levente Polyak
anthraxx at archlinux.org
Tue Jul 5 20:35:07 UTC 2016
Arch Linux Security Advisory ASA-201607-3
=========================================
Severity: Critical
Date : 2016-07-05
CVE-ID : CVE-2016-4324
Package : libreoffice-fresh
Type : arbitrary code execution
Remote : No
Link : https://wiki.archlinux.org/index.php/CVE
Summary
=======
The package libreoffice-fresh before version 5.1.4-1 is vulnerable to
arbitrary code execution.
Resolution
==========
Upgrade to 5.1.4-1.
# pacman -Syu "libreoffice-fresh>=5.1.4-1"
The problem has been fixed upstream in version 5.1.4.
Workaround
==========
None.
Description
===========
A use after free vulnerability was found in the RTF parser of
LibreOffice. The vulnerability lies in the parsing of documents
containing both stylesheet and superscript tokens. A specially crafted
RTF document containing both a stylesheet and superscript element
causes LibreOffice to access an invalid pointer referencing previously
used memory on the heap. By carefully manipulating the contents of the
heap, this vulnerability can be used to execute arbitrary code.
Impact
======
An attacker is able to use a specially crafted RTF document that, when
opened locally, is leading to arbitrary code execution.
References
==========
https://www.libreoffice.org/about-us/security/advisories/cve-2016-4324/
http://www.talosintelligence.com/reports/TALOS-2016-0126/
https://access.redhat.com/security/cve/CVE-2016-4324
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <https://lists.archlinux.org/pipermail/arch-security/attachments/20160705/99c2a184/attachment.asc>
More information about the arch-security
mailing list