CVE-2018-19208

Priority
Description
In libwpd 0.10.2, there is a NULL pointer dereference in the function
WP6ContentListener::defineTable in WP6ContentListener.cpp that will lead to
a denial of service attack. This is related to WPXTable.h.
Notes
Package
Upstream:released (0.10.2-3)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was needed)
Ubuntu 16.04 LTS (Xenial Xerus):needed
Ubuntu 18.04 LTS (Bionic Beaver):needed
Ubuntu 19.04 (Disco Dingo):not-affected (0.10.2-3)
Ubuntu 19.10 (Eoan Ermine):not-affected (0.10.2-3)
Ubuntu 20.04 (Focal Fossa):not-affected (0.10.2-3)
Patches:
Vendor:https://src.fedoraproject.org/rpms/libwpd/blob/e42834b844f3282d8ccb0889abf1b33f3f71e02f/f/0001-Resolves-rhbz-1643752-bounds-check-m_currentTable-ac.patch
More Information

Updated: 2019-12-05 19:55:06 UTC (commit 0aa5e7c87c8b55d2ec5c7f4ca1179cf75de91961)