Title: CVE-2018-14939 overflow at realpath

Announced: Aug 13, 2018

Fixed in: Not a Bug


CVE-2018-14939 was assigned for an apparent buffer overflow in the get_app_path function. The report suggested that attackers could cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact if LibreOffice is automatically launched during web browsing with pathnames controlled by a remote web site.

Our analysis is that this is not the case. get_app_path is only called with argv[0] of LO's oosplash helper executable (installed at /usr/lib.../libreoffice/program/oosplash and called during the LO start-up sequence), so an attack would need to launch that executable with a suitably long argv[0], which is not under the control of an attacker.
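For code that does resolve a path an untrusted party can influence, the usual defensive pattern is to let realpath() size its own result and to reject, rather than truncate, anything that does not fit the caller's buffer. The sketch below is an added example, not LibreOffice's get_app_path or any code from the project; the name app_dir_from_path and its return convention are hypothetical.

```c
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700   /* declares realpath() */
#endif
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper (not LibreOffice's get_app_path): writes the directory
 * that contains the resolved form of `path` into out[0..outlen).
 * Returns 0 on success, -1 with errno set on failure. */
int app_dir_from_path(const char *path, char *out, size_t outlen)
{
    if (path == NULL || out == NULL || outlen == 0) {
        errno = EINVAL;
        return -1;
    }
    /* POSIX.1-2008: with a NULL second argument realpath() allocates a
     * buffer of the required size, so no fixed-size destination is used. */
    char *resolved = realpath(path, NULL);
    if (resolved == NULL)
        return -1;                          /* errno set by realpath() */

    char *slash = strrchr(resolved, '/');   /* result is always absolute */
    size_t dirlen = (slash == resolved) ? 1 : (size_t)(slash - resolved);

    if (dirlen + 1 > outlen) {              /* refuse instead of truncating */
        free(resolved);
        errno = ERANGE;
        return -1;
    }
    memcpy(out, resolved, dirlen);
    out[dirlen] = '\0';
    free(resolved);
    return 0;
}

int main(int argc, char **argv)
{
    char dir[4096];
    (void)argc;
    if (app_dir_from_path(argv[0], dir, sizeof dir) != 0) {
        perror("app_dir_from_path");        /* e.g. argv[0] is a bare name */
        return 1;
    }
    printf("%s\n", dir);
    return 0;
}
```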