[3.5] libreoffice: Heap-buffer-overflow in WMF polygon processing and EMF filter (CVE-2017-7870, CVE-2016-10327)
CVE-2017-7870 Heap-buffer-overflow in WMF polygon processing
Windows Metafiles (WMF) can contain polygons which under certain
circumstances when processed (split) can result
in output polygons which have too many points to be represented by
LibreOffice’s internal polygon class.
Fixed in:
LibreOffice 5.2.5/5.3.0
Reference:
https://www.libreoffice.org/about-us/security/advisories/cve-2017-7870/
CVE-2016-10327 Heap-buffer-overflow in EMF filter
Enhanced Metafiles (EMF) can contain bitmap data preceded by a header
and a field with in that header which states the offset from the start
of the
header to the bitmap data. An emf can be crafted to provide an illegal
offset which if not tested for validity can trigger a heap buffer
overflow.
Fixed in:
LibreOffice 5.2.5/5.3.0
Reference:
https://www.libreoffice.org/about-us/security/advisories/cve-2016-10327/
(from redmine: issue id 7293, created on 2017-05-18, closed on 2017-06-16)
- Changesets:
- Revision 0c6f4a41 on 2017-06-16T06:21:17Z:
community/libreoffice: security update to 5.2.7.2 (CVE-2017-7870, CVE-2016-10327)
Fixes #7293