Candidate: CVE-2017-14226
PublicDate: 2017-09-09 08:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14226
Description:
 WP1StylesListener.cpp, WP5StylesListener.cpp, and WP42StylesListener.cpp in
 libwpd 0.10.1 mishandle iterators, which allows remote attackers to cause a
 denial of service (heap-based buffer over-read in the WPXTableList class in
 WPXTable.cpp). This vulnerability can be triggered in LibreOffice before
 5.3.7. It may lead to suffering a remote attack against a LibreOffice
 application.
Ubuntu-Description:
Notes:
Bugs:
 https://bugs.documentfoundation.org/show_bug.cgi?id=112269
 https://bugzilla.redhat.com/show_bug.cgi?id=1489337
 https://sourceforge.net/p/libwpd/tickets/14/
Priority: low
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H [7.5 HIGH]
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H [7.5 HIGH]

Patches_libwpd:
 other: https://sourceforge.net/p/libwpd/code/ci/0329a9c57f9b3b0efa0f09a5235dfd90236803a5/
 other: https://sourceforge.net/p/libwpd/code/ci/f40827b3eae260ce657c67d9fecc855b09dea3c3/
 other: https://cgit.freedesktop.org/libreoffice/core/commit/?id=dd89afa6ee8166b69e7a1e86f22616ca8fc122c9
upstream_libwpd: released (0.10.2-1)
precise/esm_libwpd: DNE
trusty_libwpd: ignored (reached end-of-life)
trusty/esm_libwpd: DNE (trusty was needed)
vivid/ubuntu-core_libwpd: DNE
xenial_libwpd: ignored (end of standard support, was needed)
esm-infra/xenial_libwpd: needed
zesty_libwpd: ignored (reached end-of-life)
artful_libwpd: ignored (reached end-of-life)
bionic_libwpd: not-affected (0.10.2-2)
cosmic_libwpd: not-affected (0.10.2-2)
disco_libwpd: not-affected (0.10.2-3)
eoan_libwpd: not-affected (0.10.2-3)
focal_libwpd: not-affected (0.10.2-3)
groovy_libwpd: not-affected (0.10.2-3)
hirsute_libwpd: not-affected (0.10.2-3)
impish_libwpd: not-affected (0.10.2-3)
jammy_libwpd: not-affected (0.10.2-3)
devel_libwpd: not-affected (0.10.2-3)