Kaspersky LabKLA11017KLA11017 A buffer overflow vulnerability in LibreOffice
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.003 Low
EPSS
Percentile
70.0%
Detect date:
04/30/2017
Severity:
Critical
Description:
An out-of-bounds write vulnerability was found in LibreOffice. By exploiting this vulnerability malicious users can possibly cause a denial of service or obtain sensitive information. This vulnerability can be exploited remotely.
Affected products:
LibreOffice 5.2.6 and earlier
Solution:
Update to the latest version
Get LibreOffice
Original advisories:
ofz#889 readjust jpeg import
libreoffice: Heap-buffer-overflow in null_convert
Impacts:
OSI
Related products:
CVE-IDS:
CVE-2017-83587.5Critical
References
bugs.chromium.org/p/oss-fuzz/issues/detail?id=889
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8358
github.com/LibreOffice/core/commit/6e6e54f944a5ebb49e9110bdeff844d00a96c56c
statistics.securelist.com/vulnerability-scan/month
threats.kaspersky.com/en/product/LibreOffice/
www.libreoffice.org/download/libreoffice-fresh/
Related
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.003 Low
EPSS
Percentile
70.0%