CVE-2016-0795

Title: CVE-2016-0795 LotusWordPro Bounds overflows in LwpTocSuperLayout processing

Announced: February  17, 2016

Fixed in: LibreOffice 5.0.5/5.1.0

Description:

Parsing the LwpTocSuperLayout record was insufficiently checked for validity. Documents can be constructed which cause memory corruption by overflowing the LwpTocSuperLayout buffer..

All users are recommended to upgrade to LibreOffice >= 5.0.5 or >= 5.1.0

Thanks to the researchers working with VeriSign iDefense Labs for discovering this flaw.

References:

    CVE-2016-0795

Latest Tweets

@libreoffice
@tdforg