LibreOffice < 5.1.6 / 5.2.5 / 5.3.0 Multiple Vulnerabilities
High Nessus Plugin ID 97496
SynopsisAn application installed on the remote host is affected by multiple vulnerabilities.
DescriptionThe version of LibreOffice installed on the remote Windows host is prior to 5.1, 5.1.x prior to 5.1.6, or 5.2.x prior to 5.2.5. It is, therefore, affected by multiple vulnerabilities :
- An overflow condition exists when processing EMF files, specifically in the EnhWMFReader::ReadEnhWMF() function within file vcl/source/filter/wmf/enhwmf.cxx, due to improper validation of a certain offset value in the header that precedes bitmap data. An unauthenticated, remote attacker can exploit this, via a specially crafted enhanced metafile file (EMF), to cause a denial of service condition or the execution of arbitrary code.
Note that this vulnerability does not affect version 5.1.x. (CVE-2016-10327)
- A file disclosure vulnerability exists due to a flaw in the content preview feature when handling embedded objects. An unauthenticated, remote attacker can exploit this, via a specially crafted file, to disclose details of a file on the hosting system. (CVE-2017-3157)
- An overflow condition exists in the Polygon::Insert() function within file tools/source/generic/poly.cxx when processing polygons in Windows metafiles (WMF) that under certain circumstances result in polygons with more points than can represented in LibreOffice's internal polygon class. An unauthenticated, remote attacker can exploit this, via a specially crafted WMF file, to cause a denial of service condition or the execution of arbitrary code. Note that this vulnerability does not affect version 5.1.x. (CVE-2017-7870)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
SolutionUpgrade to LibreOffice version 5.1.6 / 5.2.5 / 5.3.0 or later.