Title: CVE-2018-10120 Heap Buffer Overflow in MSWord Customizations parsing
Announced: April 18, 2018
Fixed in: LibreOffice 5.4.6/6.0.2
LibreOffice before 5.4.6 and 6.x before 6.0.2 have a flaw in an edge case in processing a specific uncommon Microsoft Word record. An index into a dynamically allocated buffer is used without bounds checking.
All users are recommended to upgrade to LibreOffice >= 5.4.6 or >= 6.0.2