CVE-2013-2189

Title: CVE-2013-2189: Microsoft .doc Memory Corruption Vulnerability

Announced: July 26 2013

Fixed in: LibreOffice 3.4.3

Description:

Prior to version 3.4.3 a vulnerability exists where parsing a malformed Microsoft .doc file can operate on invalid PLCF (Plex of Character Positions in File) data. Users should already have upgraded to versions >= 3.4.3 due to earlier advisories.

Thanks to Jeremy Brown of Microsoft Vulnerability Research for reporting this flaw.

References:

PRE-CERT

Latest Tweets

@libreoffice
@tdforg