CVE-2018-10119

sot/source/sdstor/stgstrms.cxx in LibreOffice before 5.4.5.1 and 6.x before 6.0.1.1 uses an incorrect integer data type in the StgSmallStrm class, which allows remote attackers to cause a denial of service (use-after-free with write access) or possibly have unspecified other impact via a crafted document that uses the structured storage ole2 wrapper file format.

References

Affected packages

Git / github.com/libreoffice/core

Affected ranges

Type: GIT
Repo: https://github.com/libreoffice/core
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

60bfb1526849283ce2491346ed2aa51c465abfe6

Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

79c9829dd5d8054ec39a82dc51cd9eff340dbee8

Affected versions

Other

MELD_LIBREOFFICE_REPOS

libreoffice-3-5-branch-point

libreoffice-3-6-branch-point

libreoffice-4-0-branch-point

libreoffice-4-1-branch-point

libreoffice-4-2-branch-point

libreoffice-4-2-milestone-1

libreoffice-4-3-branch-point

libreoffice-4-4-branch-point

libreoffice-5-0-branch-point

libreoffice-5-1-branch-point

libreoffice-5-2-branch-point

libreoffice-5-3-branch-point

libreoffice-5-4-branch-point

libreoffice-6-0-branch-point

windows_build_successful_2011_11_08

calc_libreoffice-3.*

calc_libreoffice-3.4.2.2-buildfix1

gpg4libre-review-5.*

gpg4libre-review-5.4.99

libreoffice-3.*

libreoffice-3.5.0.0

libs-extern-sys_libreoffice-3.*

libs-extern-sys_libreoffice-3.4.2.2-buildfix1

libs-extern_libreoffice-3.*

libs-extern_libreoffice-3.4.2.2-buildfix1

sdremote-2.*

sdremote-2.0.0

testing_libreoffice-3.*

testing_libreoffice-3.3.99.4-hotfixes1

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-10119.json"