← Back

CVE-2018-10120

nvd nist
Published: Apr 16, 2018Modified: Nov 21, 2024

JSON object

Loading...
7.8
Vector
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 1.8 / Impact: 5.9
Source: NVD

Description

The SwCTBWrapper::Read function in sw/source/filter/ww8/ww8toolbar.cxx in LibreOffice before 5.4.6.1 and 6.x before 6.0.2.1 does not validate a customizations index, which allows remote attackers to cause a denial of service (heap-based buffer overflow with write access) or possibly have unspecified other impact via a crafted document that contains a certain Microsoft Word record.

Affected (10)

Show all products
Debian: Debian Linux · Libreoffice: Libreoffice · Redhat: Enterprise Linux Desktop, Enterprise Linux Server, Enterprise Linux Workstation · Canonical: Ubuntu Linux
Debian
1 product
Debian Linux
Libreoffice
1 product
Libreoffice
Redhat
3 products
Enterprise Linux Desktop
Enterprise Linux Server
Enterprise Linux Workstation
Canonical
1 product
Ubuntu Linux
Configuration A
3 vulnerable
Vulnerable SoftwareAffected Versions
Debian
Debian Linux
Version 7.0
Debian Linux
Version 8.0
Debian Linux
Version 9.0
Configuration B
2 vulnerable
Vulnerable SoftwareAffected Versions
Libreoffice
Libreoffice
Before 5.4.6.1
Libreoffice
From 6.0.0 to 6.0.2.1
Configuration C
3 vulnerable
Vulnerable SoftwareAffected Versions
Enterprise Linux Desktop
Version 7.0
Enterprise Linux Server
Version 7.0
Enterprise Linux Workstation
Version 7.0
Configuration D
2 vulnerable
Vulnerable SoftwareAffected Versions
Canonical
Ubuntu Linux
Version 14.04
Ubuntu Linux
Version 16.04

Related CWEs

CWE-129
Improper Validation of Array Index
The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.
CWE-787
Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.

References (20)

Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
PatchVendor Advisory
Source: cve@mitre.org
PatchVendor Advisory
Source: cve@mitre.org
PatchVendor Advisory
Source: cve@mitre.org
Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.