Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Wed, 19 Nov 2014 04:30:40 +0300
From: Alexander Cherepanov <>
Subject: CVE Request: LibreOffice -- several issues


Could CVEs please be assigned to the following issues?
Crashes importing malformed .doc -- DoS
Crashes importing malformed .ppt -- DoS
Crashes importing malformed .rtf -- DoS
Crash importing malformed .rtf -- potentially exploitable for RCE
Crashes importing malformed .rtf

Tested with LibreOffice 3.5.4 on Debian Stable (amd64).

Found during one evening with zzuf.

IIUC any crasher (or 100% cpu usage) in LO is a security issue because 
it takes down all other windows with it. But Michael Meeks from indicated that they are not 
interested in CVEs for DoS-only crashers (I haven't asked about RCE) 
because they still have 180 crashers in their own testing. All info 
about their testing is regularly posted to LO devel mailing list.

Alexander Cherepanov

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.