CVE-2018-10119

Title: CVE-2018-10119 Use After Free in Structured Storage parser

Announced: April 18, 2018

Fixed in: LibreOffice 5.4.5/6.0.1

Description:

LibreOffice before 5.4.5 and 6.x before 6.0.1 have a flaw in an edge case in processing the structured storage ole2 wrapper file format. A short datatype is used which can overflow resulting in a write to recently freed data

All users are recommended to upgrade to LibreOffice >= 5.4.5 or >= 6.0.1

References:

    CVE-2018-10119

Latest Tweets

@libreoffice
@tdforg