[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: [oss-security] CVE-2018-11790: Apache OpenOffice: Arithmetic overflow and wrap around during string
From: Peter Kovacs <Petko () Apache ! org>
Date: 2019-01-15 21:51:10
Message-ID: f1f281ec-0342-23bf-43ba-47fc7e836372 () Apache ! org
[Download RAW message or body]
CVE-2018-11790 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-11790>
Apache OpenOffice Advisory
<https://www.openoffice.org/security/cves/CVE-2018-11790.html>
*CVE-2018-11790 Arithmetic overflow and wrap around during sting length
calculation *
*Fixed in Apache OpenOffice 4.1.6*
*Description*
When loading a document with smaller end line termination then the
operating system uses, the defect occurs. In this case OpenOffice runs
into an Arithmetic Overflow at a string length calculation.
*Severity: Medium*
There are no known exploits of this vulnerability.
A proof-of-concept demonstration exists.
ssd-disclosure <https://ssd-disclosure.com/index.php/archives/3758>
Thanks to the reporter for discovering this issue.
*Vendor: The Apache Software Foundation*
*Versions Affected*
All Apache OpenOffice versions 4.1.5 and older are affected.
OpenOffice.org versions are also affected.
*Mitigation*
Install Apache OpenOffice 4.1.6 for the latest maintenance and
cumulative security fixes. Use the Apache OpenOffice download page
<https://www.openoffice.org/download/>.
*Further Information*
For additional information and assistance, consult the Apache OpenOffice
Community Forums <https://forum.openoffice.org/> or make requests to the
users@openoffice.apache.org <mailto:users@openoffice.apache.org> public
mailing list.
The latest information on Apache OpenOffice security bulletins can be
found at the Bulletin Archive page
<https://www.openoffice.org/security/bulletin.html>.
------------------------------------------------------------------------
Security Home <http://security.openoffice.org> -> Bulletin
<http://www.openoffice.org/security/bulletin.html> -> CVE-2018-11790
<https://www.openoffice.org/security/cves/CVE-2018-11790.html>
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic