CVE-2018-3984

An exploitable uninitialized length vulnerability exists within the Word document-parser of the Atlantis Word Processor 3.0.2.3 and 3.0.2.5. A specially crafted document can cause Atlantis to skip initializing a value representing the number of columns of a table. Later, the application will use...

CVE-2018-3984

CVE-2018-3984 affects Atlantis Word Processor 3.0.2.3 and 3.0.2.5. The Word Document parser has an uninitialized length (SprmTDefTable) for the number of table columns, which is later used as a loop bound. A crafted Word doc can trigger a heap-based buffer overflow, leading to code execution unde...

CVE-2018-3982

CVE-2018-3982 is an exploitable arbitrary write vulnerability in the Atlantis Word Processor (Word Document parser). Cisco Talos reports that Atlantis Word Processor 3.0.2.3 and 3.0.2.5 can be induced to skip adding elements to a loop-indexed array, causing an out-of-bounds read of a pointer and,...

CVE-2018-3978

An exploitable out-of-bounds write vulnerability exists in the Word Document parser of the Atlantis Word Processor 3.0.2.3, 3.0.2.5. A specially crafted document can cause Atlantis to write a value outside the bounds of a heap allocation, resulting in a buffer overflow. An attacker must convince ...

CVE-2018-3978

CVE-2018-3978 is a vulnerability in Atlantis Word Processor’s Word Document parser (CLX/Clx handling in the Fib-based WordDocument table). A specially crafted Word binary (DOC) document can trigger a heap-based buffer overflow by mis-processing the Clx/Pcdt piece-descriptor table: the Clx.lcb con...

Atlantis Word Processor Word document paragraph property (0xD608) sprmTDefTable uninitialized length code execution vulnerability

Summary An exploitable uninitialized length vulnerability exists within the Word document-parser of the Atlantis Word Processor. A specially crafted document can cause Atlantis to skip initializing a value representing the number of columns of a table. Later, the application will use this as a...

Atlantis Word Processor empty TTableRow TList code execution vulnerability

Summary An exploitable uninitialized pointer vulnerability exists in the Word document parser of the the Atlantis Word Processor. A specially crafted document can cause an array fetch to return an uninitialized pointer and then performs some arithmetic before writing a value to the result. Usage ...

PT-2018-1609 · Atlantis · Atlantis Word Processor

Name of the Vulnerable Software and Affected Versions: Atlantis Word Processor versions 3.0.2.3 through 3.0.2.5 Description: An exploitable arbitrary write vulnerability exists in the Word document parser of the Atlantis Word Processor. A specially crafted document can prevent the application fro...

PT-2018-1608 · Atlantis · Atlantis Word Processor

Name of the Vulnerable Software and Affected Versions: Atlantis Word Processor versions 3.0.2.3 through 3.0.2.5 Description: The issue is caused by an uninitialized length vulnerability in the Word document-parser of the Atlantis Word Processor. A specially crafted document can lead to a buffer...

PT-2018-9227 · Artifex +1 · Mupdf +1

Name of the Vulnerable Software and Affected Versions: Artifex MuPDF versions 1.12.0 and earlier Description: The issue is related to multiple heap use after free bugs in the PDF parser, which could allow an attacker to execute arbitrary code, read memory, or cause a denial of service via a craft...

UBUNTU-CVE-2017-9806

A vulnerability in the OpenOffice Writer DOC file parser before 4.1.4, and specifically in the WW8Fonts Constructor, allows attackers to craft malicious documents that cause denial of service memory corruption and application crash potentially resulting in arbitrary code execution...

UBUNTU-CVE-2017-12608

A vulnerability in Apache OpenOffice Writer DOC file parser before 4.1.4, and specifically in ImportOldFormatStyles, allows attackers to craft malicious documents that cause denial of service memory corruption and application crash potentially resulting in arbitrary code execution...

Null pointer dereference

The doc/PdfPage.cpp:614:20 code in PoDoFo 0.9.5 allows remote attackers to cause a denial of service NULL pointer dereference and application crash via a crafted PDF document...

LibreOffice: Multiple vulnerabilities

Background LibreOffice is a full office productivity suite. Description Multiple vulnerabilities have been found in LibreOffice: The Microsoft Word Document parser contains an out-of-bounds read error CVE-2011-2713. The Raptor RDF parser contains an XML External Entity expansion error...

xpdf: uninitialized Gfx::parser pointer dereference

The Gfx::getPos function in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, CUPS, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service crash via unknown vectors that trigger an uninitialized pointer...

[Backports-security-announce] Security Update for openoffice.org

Rene Engelhard uploaded a new package for openoffice.org which fixed the following security problems: CVE-2010-0136 It was discovered that macro security settings were insufficiently enforced for VBA macros. CVE-2009-0217 It was discovered that the W3C XML Signature recommendation contains a...

Sun OpenOffice.org RTF Parser prtdata Tag Buffer Overflow

The remote host is running a version of Sun Microsystems OpenOffice.org that is affected by a heap-based buffer overflow in its RTF document parser that is triggered when parsing 'prtdata' tags. If a remote attacker can trick a user into opening a specially crafted RTF document, he can execute...