CVE-2016-0794

Title: CVE-2016-0794 LotusWordPro Multiple bounds overflows in lwp filter

Announced: February  17, 2016

Fixed in: LibreOffice 5.0.4/5.1.0

Description:

Multiple offsets in parsing lwp documents were insufficiently checked for validity. Documents can be constructed which cause memory corruption by overflowing various buffer bounds.

All users are recommended to upgrade to LibreOffice >= 5.0.4 or >= 5.1.0

Thanks to the researchers working with VeriSign iDefense Labs for discovering this flaw.

References:

    CVE-2016-0794

Latest Tweets

@libreoffice
@tdforg