ID CVE-2016-10327
Summary LibreOffice before 2016-12-22 has an out-of-bounds write caused by a heap-based buffer overflow related to the EnhWMFReader::ReadEnhWMF function in vcl/source/filter/wmf/enhwmf.cxx.
References
Vulnerable Configurations
  • LibreOffice 5.3.0.0 Beta 2
    cpe:2.3:a:libreoffice:libreoffice:5.3.0.0:beta2
CVSS
Base: 7.5 (as of 20-04-2017 - 13:53)
Impact:
Exploitability:
CWE CWE-787
CAPEC
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
nessus via4
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2017-7A7D2044C9.NASL
    description - CVE-2017-7870 Heap-buffer-overflow in WMF filter - CVE-2016-10327 Heap-buffer-overflow in EMF filter Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-02-02
    plugin id 100192
    published 2017-05-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=100192
    title Fedora 24 : 1:libreoffice (2017-7a7d2044c9)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2017-1821-1.NASL
    description LibreOffice was updated to version 5.3.3.2, bringing new features and enhancements: Writer : - New 'Go to Page' dialog for quickly jumping to another page. - Support for 'Table Styles'. - New drawing tools were added. - Improvements in the toolbar. - Borderless padding is displayed. Calc : - New drawing tools were added. - In new installations the default setting for new documents is now 'Enable wildcards in formulas' instead of regular expressions. - Improved compatibility with ODF 1.2 Impress : - Images inserted via 'Photo Album' can now be linked instead of embedded in the document. - When launching Impress, a Template Selector allows you to choose a Template to start with. - Two new default templates: Vivid and Pencil. - All existing templates have been improved. Draw : - New arrow endings, including Crow's foot notation's ones. Base : - Firebird has been upgraded to version 3.0.0. It is unable to read back Firebird 2.5 data, so embedded Firebird odb files created in LibreOffice version up to 5.2 cannot be opened with LibreOffice 5.3. Some security issues have also been fixed : - CVE-2017-7870: An out-of-bounds write caused by a heap-based buffer overflow related to the tools::Polygon::Insert function. - CVE-2017-7882: An out-of-bounds write related to the HWPFile::TagsRead function. - CVE-2017-8358: an out-of-bounds write caused by a heap-based buffer overflow related to the ReadJPEG function. - CVE-2016-10327: An out-of-bounds write caused by a heap-based buffer overflow related to the EnhWMFReader::ReadEnhWMF function. - CVE-2017-9433: An out-of-bounds write caused by a heap-based buffer overflow related to the MsWrd1Parser::readFootnoteCorrespondance function in libmwaw. A comprehensive list of new features and changes in this release is available at: https://wiki.documentfoundation.org/ReleaseNotes/5.3 Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. 
    Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-30
    plugin id 101353
    published 2017-07-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=101353
    title SUSE SLED12 Security Update : libreoffice (SUSE-SU-2017:1821-1)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-3273-1.NASL
    description It was discovered that LibreOffice incorrectly handled EMF image files. If a user were tricked into opening a specially crafted EMF image file, a remote attacker could cause LibreOffice to crash, and possibly execute arbitrary code. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 99965
    published 2017-05-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=99965
    title Ubuntu 14.04 LTS / 16.04 LTS / 16.10 : libreoffice vulnerabilities (USN-3273-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2017-2315-1.NASL
    description LibreOffice was updated to version 5.3.5.2, bringing new features and enhancements: Writer : - New 'Go to Page' dialog for quickly jumping to another page. - Support for 'Table Styles'. - New drawing tools were added. - Improvements in the toolbar. - Borderless padding is displayed. Calc : - New drawing tools were added. - In new installations the default setting for new documents is now 'Enable wildcards in formulas' instead of regular expressions. - Improved compatibility with ODF 1.2 Impress : - Images inserted via 'Photo Album' can now be linked instead of embedded in the document. - When launching Impress, a Template Selector allows you to choose a Template to start with. - Two new default templates: Vivid and Pencil. - All existing templates have been improved. Draw : - New arrow endings, including Crow's foot notation's ones. Base : - Firebird has been upgraded to version 3.0.0. It is unable to read back Firebird 2.5 data, so embedded Firebird odb files created in LibreOffice version up to 5.2 cannot be opened with LibreOffice 5.3. Some security issues have also been fixed : - CVE-2017-7870: An out-of-bounds write caused by a heap-based buffer overflow related to the tools::Polygon::Insert function. - CVE-2017-7882: An out-of-bounds write related to the HWPFile::TagsRead function. - CVE-2017-8358: an out-of-bounds write caused by a heap-based buffer overflow related to the ReadJPEG function. - CVE-2016-10327: An out-of-bounds write caused by a heap-based buffer overflow related to the EnhWMFReader::ReadEnhWMF function. - CVE-2017-9433: An out-of-bounds write caused by a heap-based buffer overflow related to the MsWrd1Parser::readFootnoteCorrespondance function in libmwaw. A comprehensive list of new features and changes in this release is available at: https://wiki.documentfoundation.org/ReleaseNotes/5.3 Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. 
    Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-30
    plugin id 102911
    published 2017-09-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=102911
    title SUSE SLED12 Security Update : libreoffice (SUSE-SU-2017:2315-1)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2017-807.NASL
    description LibreOffice was updated to version 5.3.3.2, bringing new features and enhancements : Writer : - New 'Go to Page' dialog for quickly jumping to another page. - Support for 'Table Styles'. - New drawing tools were added. - Improvements in the toolbar. - Borderless padding is displayed. Calc : - New drawing tools were added. - In new installations the default setting for new documents is now 'Enable wildcards in formulas' instead of regular expressions. - Improved compatibility with ODF 1.2 Impress : - Images inserted via 'Photo Album' can now be linked instead of embedded in the document. - When launching Impress, a Template Selector allows you to choose a Template to start with. - Two new default templates: Vivid and Pencil. - All existing templates have been improved. Draw : - New arrow endings, including Crow's foot notation's ones. Base : - Firebird has been upgraded to version 3.0.0. It is unable to read back Firebird 2.5 data, so embedded Firebird odb files created in LibreOffice version up to 5.2 cannot be opened with LibreOffice 5.3. Some security issues have also been fixed : - CVE-2017-7870: An out-of-bounds write caused by a heap-based buffer overflow related to the tools::Polygon::Insert function. - CVE-2017-7882: An out-of-bounds write related to the HWPFile::TagsRead function. - CVE-2017-8358: an out-of-bounds write caused by a heap-based buffer overflow related to the ReadJPEG function. - CVE-2016-10327: An out-of-bounds write caused by a heap-based buffer overflow related to the EnhWMFReader::ReadEnhWMF function. - CVE-2017-9433: An out-of-bounds write caused by a heap-based buffer overflow related to the MsWrd1Parser::readFootnoteCorrespondance function in libmwaw. A comprehensive list of new features and changes in this release is available at: https://wiki.documentfoundation.org/ReleaseNotes/5.3 This update was imported from the SUSE:SLE-12:Update update project.
    last seen 2019-02-21
    modified 2018-12-18
    plugin id 101517
    published 2017-07-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=101517
    title openSUSE Security Update : libreoffice (openSUSE-2017-807)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201706-28.NASL
    description The remote host is affected by the vulnerability described in GLSA-201706-28 (LibreOffice: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in LibreOffice. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to open a specially crafted file using LibreOffice, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-01-26
    plugin id 101074
    published 2017-06-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=101074
    title GLSA-201706-28 : LibreOffice: Multiple vulnerabilities
  • NASL family MacOS X Local Security Checks
    NASL id MACOS_LIBREOFFICE_530.NASL
    description The version of LibreOffice installed on the remote Mac OS X or macOS host is prior to 5.1, 5.1.x prior to 5.1.6, or 5.2.x prior to 5.2.5. It is, therefore, affected by multiple vulnerabilities : - An overflow condition exists when processing EMF files, specifically in the EnhWMFReader::ReadEnhWMF() function within file vcl/source/filter/wmf/enhwmf.cxx, due to improper validation of a certain offset value in the header that precedes bitmap data. An unauthenticated, remote attacker can exploit this, via a specially crafted enhanced metafile file (EMF), to cause a denial of service condition or the execution of arbitrary code. Note that this vulnerability does not affect version 5.1.x. (CVE-2016-10327) - A file disclosure vulnerability exists due to a flaw in the content preview feature when handling embedded objects. An unauthenticated, remote attacker can exploit this, via a specially crafted file, to disclose details of a file on the hosting system. (CVE-2017-3157) - An overflow condition exists in the Polygon::Insert() function within file tools/source/generic/poly.cxx when processing polygons in Windows metafiles (WMF) that under certain circumstances result in polygons with more points than can be represented in LibreOffice's internal polygon class. An unauthenticated, remote attacker can exploit this, via a specially crafted WMF file, to cause a denial of service condition or the execution of arbitrary code. Note that this vulnerability does not affect version 5.1.x. (CVE-2017-7870) Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
    last seen 2019-02-21
    modified 2019-02-08
    plugin id 97497
    published 2017-03-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=97497
    title LibreOffice < 5.1.6 / 5.2.5 / 5.3.0 Multiple Vulnerabilities (macOS)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2017-1048.NASL
    description LibreOffice was updated to version 5.3.5.2, bringing new features and enhancements : Writer : - New 'Go to Page' dialog for quickly jumping to another page. - Support for 'Table Styles'. - New drawing tools were added. - Improvements in the toolbar. - Borderless padding is displayed. Calc : - New drawing tools were added. - In new installations the default setting for new documents is now 'Enable wildcards in formulas' instead of regular expressions. - Improved compatibility with ODF 1.2 Impress : - Images inserted via 'Photo Album' can now be linked instead of embedded in the document. - When launching Impress, a Template Selector allows you to choose a Template to start with. - Two new default templates: Vivid and Pencil. - All existing templates have been improved. Draw : - New arrow endings, including Crow's foot notation's ones. Base : - Firebird has been upgraded to version 3.0.0. It is unable to read back Firebird 2.5 data, so embedded Firebird odb files created in LibreOffice version up to 5.2 cannot be opened with LibreOffice 5.3. Some security issues have also been fixed : - CVE-2017-7870: An out-of-bounds write caused by a heap-based buffer overflow related to the tools::Polygon::Insert function. - CVE-2017-7882: An out-of-bounds write related to the HWPFile::TagsRead function. - CVE-2017-8358: an out-of-bounds write caused by a heap-based buffer overflow related to the ReadJPEG function. - CVE-2016-10327: An out-of-bounds write caused by a heap-based buffer overflow related to the EnhWMFReader::ReadEnhWMF function. - CVE-2017-9433: An out-of-bounds write caused by a heap-based buffer overflow related to the MsWrd1Parser::readFootnoteCorrespondance function in libmwaw. A comprehensive list of new features and changes in this release is available at: https://wiki.documentfoundation.org/ReleaseNotes/5.3 This update contains binaries for the ports architectures only. This update was imported from the SUSE:SLE-12:Update update project.
    last seen 2019-02-21
    modified 2018-12-18
    plugin id 103284
    published 2017-09-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=103284
    title openSUSE Security Update : libreoffice (openSUSE-2017-1048)
  • NASL family Windows
    NASL id LIBREOFFICE_530.NASL
    description The version of LibreOffice installed on the remote Windows host is prior to 5.1, 5.1.x prior to 5.1.6, or 5.2.x prior to 5.2.5. It is, therefore, affected by multiple vulnerabilities : - An overflow condition exists when processing EMF files, specifically in the EnhWMFReader::ReadEnhWMF() function within file vcl/source/filter/wmf/enhwmf.cxx, due to improper validation of a certain offset value in the header that precedes bitmap data. An unauthenticated, remote attacker can exploit this, via a specially crafted enhanced metafile file (EMF), to cause a denial of service condition or the execution of arbitrary code. Note that this vulnerability does not affect version 5.1.x. (CVE-2016-10327) - A file disclosure vulnerability exists due to a flaw in the content preview feature when handling embedded objects. An unauthenticated, remote attacker can exploit this, via a specially crafted file, to disclose details of a file on the hosting system. (CVE-2017-3157) - An overflow condition exists in the Polygon::Insert() function within file tools/source/generic/poly.cxx when processing polygons in Windows metafiles (WMF) that under certain circumstances result in polygons with more points than can be represented in LibreOffice's internal polygon class. An unauthenticated, remote attacker can exploit this, via a specially crafted WMF file, to cause a denial of service condition or the execution of arbitrary code. Note that this vulnerability does not affect version 5.1.x. (CVE-2017-7870) Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
    last seen 2019-02-21
    modified 2019-02-08
    plugin id 97496
    published 2017-03-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=97496
    title LibreOffice < 5.1.6 / 5.2.5 / 5.3.0 Multiple Vulnerabilities
refmap via4
bid 97668
confirm http://www.libreoffice.org/about-us/security/advisories/cve-2016-10327/
gentoo GLSA-201706-28
misc
Last major update 20-04-2017 - 14:11
Published 14-04-2017 - 00:59
Last modified 14-11-2017 - 21:29