oss-sec mailing list archives
Re: [Officesecurity] CVE Request (minor) -- LibreOffice (X >= v3.5.0): DoS (excessive CPU use) in the RTF tokenizer
From: Miklos Vajna <vmiklos () suse cz>
Date: Thu, 19 Apr 2012 14:36:45 +0200
On Thu, Apr 19, 2012 at 01:33:07PM +0100, Caolán McNamara <caolanm () redhat com> wrote:
On Thu, 2012-04-19 at 14:14 +0200, Jan Lieskovsky wrote:Though Caolán , Miklos or LibreOffice upstream can clarify further if this should be considered to be a security flaw (due to internal implementation details I am not aware of and might lead to memory corruption announced at [7]).nah, insta-crash with a -1 passed to new(...) so throws bad_alloc, "safe" crash.
+1, as far as I see. Miklos
Current thread:
- CVE Request (minor) -- LibreOffice (X >= v3.5.0): DoS (excessive CPU use) in the RTF tokenizer Jan Lieskovsky (Apr 19)
- Re: [Officesecurity] CVE Request (minor) -- LibreOffice (X >= v3.5.0): DoS (excessive CPU use) in the RTF tokenizer Caolán McNamara (Apr 19)
- Re: [Officesecurity] CVE Request (minor) -- LibreOffice (X >= v3.5.0): DoS (excessive CPU use) in the RTF tokenizer Miklos Vajna (Apr 19)
- Re: Re: [Officesecurity] CVE Request (minor) -- LibreOffice (X >= v3.5.0): DoS (excessive CPU use) in the RTF tokenizer Moritz Muehlenhoff (Apr 19)
- Re: [Officesecurity] CVE Request (minor) -- LibreOffice (X >= v3.5.0): DoS (excessive CPU use) in the RTF tokenizer Caolán McNamara (Apr 19)