Title: CVE-2017-7870 Heap-buffer-overflow in WMF polygon processing

Announced: April 21, 2017

Fixed in: LibreOffice 5.2.5/5.3.0


Windows Metafiles (WMF) can contain polygons which under certain circumstances when processed (split) can result in output polygons which have too many points to be represented by LibreOffice's internal polygon class.

Prior to versions 5.2.5/5.3.0 this failure was undetected and a heap buffer overflow could occur as the attempt to split the polygon was assumed to succeed.

All users are recommended to upgrade to LibreOffice >= 5.2.5 or >= 5.3.0.