Out-of-bounds read in libwpd - CVE-2017-14226
Published: September 9, 2017 / Updated: August 8, 2020
Vulnerability identifier: #VU38339
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2017-14226
CWE-ID: CWE-125
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: libwpd.sourceforge.net
Affected software:
libwpd
libwpd
Detailed vulnerability description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in WP1StylesListener.cpp, WP5StylesListener.cpp, and WP42StylesListener.cpp in libwpd 0.10.1 mishandle iterators, which. A remote attacker can perform a denial of service (heap-based buffer over-read in the WPXTableList class in WPXTable.cpp). This vulnerability can be triggered in LibreOffice before 5.3.7. It may lead to suffering a remote attack against a LibreOffice application.
How to mitigate CVE-2017-14226
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.
Sources
- https://bugs.documentfoundation.org/show_bug.cgi?id=112269
- https://bugzilla.redhat.com/show_bug.cgi?id=1489337
- https://cgit.freedesktop.org/libreoffice/core/commit/?id=dd89afa6ee8166b69e7a1e86f22616ca8fc122c9
- https://sourceforge.net/p/libwpd/code/ci/0329a9c57f9b3b0efa0f09a5235dfd90236803a5/
- https://sourceforge.net/p/libwpd/code/ci/f40827b3eae260ce657c67d9fecc855b09dea3c3/
- https://sourceforge.net/p/libwpd/tickets/14/