libreoffice: Multiple out-of-bounds overflows in lwp filter (CVE-2016-0794, CVE-2016-0795)
(CVE-2016-0794) LotusWordPro Multiple bounds overflows in lwp filter
Multiple offsets in parsing lwp documents were insufficiently checked
for validity.
Documents can be constructed which cause memory corruption by
overflowing various buffer bounds.
Fixed in:
LibreOffice 5.0.4/5.1.0
References:
http://www.libreoffice.org/about-us/security/advisories/cve-2016-0794/
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-0794
(CVE-2016-0795) LotusWordPro Bounds overflows in LwpTocSuperLayout processing
Parsing the LwpTocSuperLayout record was insufficiently checked for
validity.
Documents can be constructed which cause memory corruption by
overflowing the LwpTocSuperLayout buffer..
Fixed in:
LibreOffice 5.0.5/5.1.0
References:
http://www.libreoffice.org/about-us/security/advisories/cve-2016-0795/
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-0795
(from redmine: issue id 5147, created on 2016-02-22, closed on 2017-06-29)
- Relations:
- child #5148 (closed)
- child #5149 (closed)