Title: CVE-2016-4324 Dereference of invalid STL iterator on processing RTF file

Announced: June 28th, 2016

Fixed in: LibreOffice 5.1.4/5.2.0


Parsing the Rich Text Format character style index was insufficiently checked for validity. Documents can be constructed which dereference an iterator to the first entry of an empty STL container.

All users are recommended to upgrade to LibreOffice >= 5.1.4

Thanks to the researchers working with Cisco Talos Security Intelligence and Research Group for discovering this flaw.



Latest Tweets