oss-sec mailing list archives

CVE Request: LibreOffice -- several issues

From: Alexander Cherepanov <cherepan () mccme ru>
Date: Wed, 19 Nov 2014 04:30:40 +0300

Hi!

Could CVEs please be assigned to the following issues?

https://bugs.freedesktop.org/show_bug.cgi?id=86446
Crashes importing malformed .doc -- DoS

https://bugs.freedesktop.org/show_bug.cgi?id=86447
Crashes importing malformed .ppt -- DoS

https://bugs.freedesktop.org/show_bug.cgi?id=86448
Crashes importing malformed .rtf -- DoS

https://bugs.freedesktop.org/show_bug.cgi?id=86449
Crash importing malformed .rtf -- potentially exploitable for RCE

https://bugs.freedesktop.org/show_bug.cgi?id=86451
Crashes importing malformed .rtf

Tested with LibreOffice 3.5.4 on Debian Stable (amd64).

Found during one evening with zzuf.

IIUC any crasher (or 100% cpu usage) in LO is a security issue becauseit takes down all other windows with it. But Michael Meeks fromofficesecurity () lists freedesktop org indicated that they are notinterested in CVEs for DoS-only crashers (I haven't asked about RCE)because they still have 180 crashers in their own testing. All infoabout their testing is regularly posted to LO devel mailing list.


--
Alexander Cherepanov

Current thread:

CVE Request: LibreOffice -- several issues Alexander Cherepanov (Nov 18)
- Re: CVE Request: LibreOffice -- several issues timo . warns (Nov 19)
  - Re: CVE Request: LibreOffice -- several issues Alexander Cherepanov (Nov 26)
- Re: CVE Request: LibreOffice -- several issues cve-assign (Nov 25)
  - Re: Re: CVE Request: LibreOffice -- several issues Alexander Cherepanov (Nov 26)
    - Re: [Officesecurity] [oss-security] Re: CVE Request: LibreOffice -- several issues Caolán McNamara (Nov 26)
    - CVE Request: LibreOffice -- several issues Alexander Cherepanov (Nov 26)
    - Re: [Officesecurity] [oss-security] CVE Request: LibreOffice -- several issues Rene Engelhard (Nov 27)