
List:       oss-security
Subject:    [oss-security] CVE-2018-11790: Apache OpenOffice: Arithmetic overflow and wrap around during string 
From:       Peter Kovacs <Petko () Apache ! org>
Date:       2019-01-15 21:51:10
Message-ID: f1f281ec-0342-23bf-43ba-47fc7e836372 () Apache ! org


CVE-2018-11790 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-11790>

Apache OpenOffice Advisory
<https://www.openoffice.org/security/cves/CVE-2018-11790.html>

*CVE-2018-11790 Arithmetic overflow and wrap around during string length
calculation*

*Fixed in Apache OpenOffice 4.1.6*

*Description*

The defect occurs when loading a document whose end-of-line termination
is smaller than the one the operating system uses. In this case OpenOffice
runs into an arithmetic overflow in a string length calculation.

*Severity: Medium*

There are no known exploits of this vulnerability.
A proof-of-concept demonstration exists.
ssd-disclosure <https://ssd-disclosure.com/index.php/archives/3758>

Thanks to the reporter for discovering this issue.

*Vendor: The Apache Software Foundation*

*Versions Affected*

All Apache OpenOffice versions 4.1.5 and older are affected.
OpenOffice.org versions are also affected.

*Mitigation*

Install Apache OpenOffice 4.1.6 for the latest maintenance and
cumulative security fixes. Use the Apache OpenOffice download page
<https://www.openoffice.org/download/>.

*Further Information*

For additional information and assistance, consult the Apache OpenOffice
Community Forums <https://forum.openoffice.org/> or make requests to the
users@openoffice.apache.org <mailto:users@openoffice.apache.org> public
mailing list.

The latest information on Apache OpenOffice security bulletins can be
found at the Bulletin Archive page
<https://www.openoffice.org/security/bulletin.html>.
