CVE-2018-11790
Published: 31 December 2018
When loading a document with Apache Open Office 4.1.5 and earlier with smaller end line termination than the operating system uses, the defect occurs. In this case OpenOffice runs into an Arithmetic Overflow at a string length calculation.
Priority
Status
| Package | Release | Status |
|---|---|---|
|
libreoffice Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(1:6.0.7-0ubuntu0.18.04.2)
|
| cosmic |
Not vulnerable
|
|
| trusty |
Released
(1:4.2.8-0ubuntu5.5)
|
|
| upstream |
Released
(1:5.0.3~rc1-1)
|
|
| xenial |
Not vulnerable
(1:5.1.6~rc2-0ubuntu1~xenial4)
|
|
|
Patches: upstream: https://github.com/LibreOffice/core/commit/ae850353151cd6a79f7b4a012d0a411013c841a4 upstream: https://cgit.freedesktop.org/libreoffice/core/commit/?h=libreoffice-5-0&id=92eed31707e655e484e263fee2b0c0ae93d73748 |
||
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 7.8 |
| Attack vector | Local |
| Attack complexity | Low |
| Privileges required | Low |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity impact | High |
| Availability impact | High |
| Vector | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |