First published: Sun Apr 15 2018

LibreOffice before versions 5.4.5.1 and 6.0.1.1 is vulnerable to an integer overflow resulting in a write to recently freed data in the StgSmallStrm class from sot/source/sdstor/stgstrms.cxx. An attacker could exploit this to cause a denial of service or other unspecified impact via a crafted document.

External Reference: https://www.libreoffice.org/about-us/security/advisories/cve-2018-10119/

Additional Reference: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5747

Upstream Patches:

- https://gerrit.libreoffice.org/gitweb?p=core.git;a=commit;h=fdd41c995d1f719e92c6f083e780226114762f05
- https://gerrit.libreoffice.org/#/c/48751/
- https://gerrit.libreoffice.org/#/c/48756/
- https://gerrit.libreoffice.org/#/c/48757/
- https://gerrit.libreoffice.org/#/c/48758/

Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Libreoffice Libreoffice | <5.4.5.1 | |
Libreoffice Libreoffice | >=6.0.0<6.0.1.1 | |
Debian Debian Linux | =7.0 | |
Debian Debian Linux | =8.0 | |
Debian Debian Linux | =9.0 | |
Redhat Enterprise Linux Desktop | =7.0 | |
Redhat Enterprise Linux Server | =7.0 | |
Redhat Enterprise Linux Workstation | =7.0 | |
Canonical Ubuntu Linux | =14.04 | |
Canonical Ubuntu Linux | =16.04 | |
redhat/libreoffice | <5.4.5.1 | 5.4.5.1 |
redhat/libreoffice | <6.0.1.1 | 6.0.1.1 |
ubuntu/libreoffice | <1:4.2.8-0ubuntu5.5 | 1:4.2.8-0ubuntu5.5 |
ubuntu/libreoffice | <1:5.1.6~ | 1:5.1.6~ |
debian/libreoffice | 1:7.0.4-4+deb11u9 1:7.0.4-4+deb11u10 4:7.4.7-1+deb12u3 4:7.4.7-1+deb12u4 4:24.2.5-3 |
CVE-2018-10119 is a vulnerability in LibreOffice that allows remote attackers to cause a denial of service or potentially have other impacts.
CVE-2018-10119 affects versions of LibreOffice before 5.4.5.1 and 6.x before 6.0.1.1.
CVE-2018-10119 has a severity rating of 7.8 (high).
To fix CVE-2018-10119, update your LibreOffice installation to version 5.4.5.1 or later, or to version 6.0.1.1 or later if you are running a 6.x release.
You can find more information about CVE-2018-10119 in the references provided: [RHSA-2018:3054](https://access.redhat.com/errata/RHSA-2018:3054), [oss-fuzz issue](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5747), [LibreOffice Gerrit change](https://gerrit.libreoffice.org/#/c/48751/).
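The affected upstream ranges listed above can be checked against an installed version with a short script. This is an added example, not code from the advisory or from LibreOffice; the function names and the sample version lines are constructed for illustration. It accepts only upstream version numbers and rejects distribution package versions (such as the Ubuntu ones in the table), because those carry their own fixed-version numbers.

```python
import re

# Affected upstream ranges from the table above, as half-open intervals
# [low, high). Versions are padded to four components before comparison.
AFFECTED_RANGES = [
    ((0, 0, 0, 0), (5, 4, 5, 1)),  # < 5.4.5.1
    ((6, 0, 0, 0), (6, 0, 1, 1)),  # >= 6.0.0 and < 6.0.1.1
]

# An upstream version token: two to four dot-separated integers, nothing else.
_TOKEN_RE = re.compile(r"\d+(?:\.\d+){1,3}")


def parse_upstream_version(text):
    """Return the first upstream version token in text as a 4-tuple of ints.

    Tokens with an epoch or package revision (e.g. "1:4.2.8-0ubuntu5.5")
    do not match and raise ValueError instead of being misread.
    """
    for token in text.split():
        if _TOKEN_RE.fullmatch(token):
            parts = [int(p) for p in token.split(".")]
            return tuple(parts + [0] * (4 - len(parts)))
    raise ValueError(f"no upstream LibreOffice version found in {text!r}")


def is_affected(text):
    """True if the version in text falls in a range affected by CVE-2018-10119."""
    version = parse_upstream_version(text)
    return any(low <= version < high for low, high in AFFECTED_RANGES)


if __name__ == "__main__":
    # Constructed sample lines; the build id is a placeholder, not a real one.
    samples = [
        "LibreOffice 5.4.4.2 <build-id-placeholder>",
        "LibreOffice 5.4.5.1 <build-id-placeholder>",
        "LibreOffice 6.0.0.3 <build-id-placeholder>",
        "LibreOffice 6.0.1.1 <build-id-placeholder>",
    ]
    for line in samples:
        state = "AFFECTED" if is_affected(line) else "not affected"
        print(f"{line.split()[1]:10} {state}")
```

A short version such as `6.0.1` is padded to `6.0.1.0` and therefore reported as affected, which errs on the side of prompting an update.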