CVE-2016-0794 :: Enginsight Vulnerability Database

Severity

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Atk. Vector

LOCAL

Atk. Complexity

LOW

Priv. Required

NONE

Base Score

CVSS 3.x

EPSS Score

Percentile: Unknown

Vendor	Product	Version
libreoffice	libreoffice	𝑥 ≤ 5.0.3
canonical	ubuntu_linux	12.04
canonical	ubuntu_linux	14.04
canonical	ubuntu_linux	15.10

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

libreoffice

bullseye	1:7.0.4-4+deb11u10 fixed
bullseye (security)	1:7.0.4-4+deb11u11 fixed
bookworm	4:7.4.7-1+deb12u4 fixed
bookworm (security)	4:7.4.7-1+deb12u5 fixed
sid	4:24.8.2-2 fixed
trixie	4:24.8.2-2 fixed

Ubuntu Releases

Ubuntu Product

Codename

libreoffice

wily	Fixed 1:5.0.5~rc2-0ubuntu2 released
trusty	Fixed 1:4.2.8-0ubuntu4 released
precise	Fixed 1:3.5.7-0ubuntu10 released

openoffice.org

wily	dne
trusty	dne
precise	not-affected

Common Weakness Enumeration

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

References

http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178036.html

http://lists.opensuse.org/opensuse-updates/2016-05/msg00110.html

http://lists.opensuse.org/opensuse-updates/2016-07/msg00050.html

http://rhn.redhat.com/errata/RHSA-2016-2579.html

http://www.debian.org/security/2016/dsa-3482

http://www.securitytracker.com/id/1035022

http://www.ubuntu.com/usn/USN-2899-1

https://www.libreoffice.org/about-us/security/advisories/cve-2016-0794/

https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1220

https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1221

https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1222