oss-sec mailing list archives
CVE-2018-11790: Apache OpenOffice: Arithmetic overflow and wrap around during string length calculation
From: Peter Kovacs <Petko () Apache org>
Date: Tue, 15 Jan 2019 22:51:10 +0100
CVE-2018-11790 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-11790> Apache OpenOffice Advisory <https://www.openoffice.org/security/cves/CVE-2018-11790.html> *CVE-2018-11790 Arithmetic overflow and wrap around during sting length calculation * *Fixed in Apache OpenOffice 4.1.6* *Description* When loading a document with smaller end line termination then the operating system uses, the defect occurs. In this case OpenOffice runs into an Arithmetic Overflow at a string length calculation. *Severity: Medium* There are no known exploits of this vulnerability. A proof-of-concept demonstration exists. ssd-disclosure <https://ssd-disclosure.com/index.php/archives/3758> Thanks to the reporter for discovering this issue. *Vendor: The Apache Software Foundation* *Versions Affected* All Apache OpenOffice versions 4.1.5 and older are affected. OpenOffice.org versions are also affected. *Mitigation* Install Apache OpenOffice 4.1.6 for the latest maintenance and cumulative security fixes. Use the Apache OpenOffice download page <https://www.openoffice.org/download/>. *Further Information* For additional information and assistance, consult the Apache OpenOffice Community Forums <https://forum.openoffice.org/> or make requests to the users () openoffice apache org <mailto:users () openoffice apache org> public mailing list. The latest information on Apache OpenOffice security bulletins can be found at the Bulletin Archive page <https://www.openoffice.org/security/bulletin.html>. ------------------------------------------------------------------------ Security Home <http://security.openoffice.org> -> Bulletin <http://www.openoffice.org/security/bulletin.html> -> CVE-2018-11790 <https://www.openoffice.org/security/cves/CVE-2018-11790.html>
Current thread:
- CVE-2018-11790: Apache OpenOffice: Arithmetic overflow and wrap around during string length calculation Peter Kovacs (Jan 16)