LibreOffice < 5.1.6 / 5.2.5 / 5.3.0 Multiple Vulnerabilities (macOS)

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

An application installed on the remote host is affected by multiple
vulnerabilities.

Description :

The version of LibreOffice installed on the remote Mac OS X or macOS
host is prior to 5.1, 5.1.x prior to 5.1.6, or 5.2.x prior to 5.2.5.
It is, therefore, affected by multiple vulnerabilities :

- An overflow condition exists when processing EMF files,
specifically in the EnhWMFReader::ReadEnhWMF() function
within file vcl/source/filter/wmf/enhwmf.cxx, due to
improper validation of a certain offset value in the
header that precedes bitmap data. An unauthenticated,
remote attacker can exploit this, via a specially
crafted enhanced metafile file (EMF), to cause a denial
of service condition or the execution of arbitrary code.
Note that this vulnerability does not affect version
5.1.x. (CVE-2016-10327)

- A file disclosure vulnerability exists due to a flaw in
the content preview feature when handling embedded
objects. An unauthenticated, remote attacker can exploit
this, via a specially crafted file, to disclose details
of a file on the hosting system. (CVE-2017-3157)

- An overflow condition exists in the Polygon::Insert()
function within file tools/source/generic/poly.cxx
when processing polygons in Windows metafiles (WMF) that
under certain circumstances result in polygons with more
points than can represented in LibreOffice's internal
polygon class. An unauthenticated, remote attacker can
exploit this, via a specially crafted WMF file, to cause
a denial of service condition or the execution of
arbitrary code. Note that this vulnerability does not
affect version 5.1.x. (CVE-2017-7870)

Note that Nessus has not tested for these issues but has instead
relied only on the application's self-reported version number.

See also :

https://www.libreoffice.org/about-us/security/advisories/cve-2016-10327/
https://www.libreoffice.org/about-us/security/advisories/cve-2017-3157/
https://www.libreoffice.org/about-us/security/advisories/cve-2017-7870/

Solution :

Upgrade to LibreOffice version 5.1.6 / 5.2.5 / 5.3.0 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.9
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: MacOS X Local Security Checks

Nessus Plugin ID: 97497 ()

Bugtraq ID: 96402
97668
97671

CVE ID: CVE-2016-10327
CVE-2017-3157
CVE-2017-7870

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now