oss-sec mailing list archives
CVE Request: LibreOffice -- several issues
From: Alexander Cherepanov <cherepan () mccme ru>
Date: Wed, 19 Nov 2014 04:30:40 +0300
Hi! Could CVEs please be assigned to the following issues? https://bugs.freedesktop.org/show_bug.cgi?id=86446 Crashes importing malformed .doc -- DoS https://bugs.freedesktop.org/show_bug.cgi?id=86447 Crashes importing malformed .ppt -- DoS https://bugs.freedesktop.org/show_bug.cgi?id=86448 Crashes importing malformed .rtf -- DoS https://bugs.freedesktop.org/show_bug.cgi?id=86449 Crash importing malformed .rtf -- potentially exploitable for RCE https://bugs.freedesktop.org/show_bug.cgi?id=86451 Crashes importing malformed .rtf Tested with LibreOffice 3.5.4 on Debian Stable (amd64). Found during one evening with zzuf.IIUC any crasher (or 100% cpu usage) in LO is a security issue because it takes down all other windows with it. But Michael Meeks from officesecurity () lists freedesktop org indicated that they are not interested in CVEs for DoS-only crashers (I haven't asked about RCE) because they still have 180 crashers in their own testing. All info about their testing is regularly posted to LO devel mailing list.
-- Alexander Cherepanov
Current thread:
- CVE Request: LibreOffice -- several issues Alexander Cherepanov (Nov 18)
- Re: CVE Request: LibreOffice -- several issues timo . warns (Nov 19)
- Re: CVE Request: LibreOffice -- several issues Alexander Cherepanov (Nov 26)
- Re: CVE Request: LibreOffice -- several issues cve-assign (Nov 25)
- Re: Re: CVE Request: LibreOffice -- several issues Alexander Cherepanov (Nov 26)
- Re: [Officesecurity] [oss-security] Re: CVE Request: LibreOffice -- several issues Caolán McNamara (Nov 26)
- CVE Request: LibreOffice -- several issues Alexander Cherepanov (Nov 26)
- Re: [Officesecurity] [oss-security] CVE Request: LibreOffice -- several issues Rene Engelhard (Nov 27)
- Re: Re: CVE Request: LibreOffice -- several issues Alexander Cherepanov (Nov 26)
- Re: CVE Request: LibreOffice -- several issues timo . warns (Nov 19)