Affected products: LibreOffice 3.x
Affected versions: LibreOffice versions up to 3.5.5.
Description:
The vulnerability allows a remote user to execute arbitrary code on the target system.
1. An error in the processing hierarchy of tags in XML-files. This can be exploited to cause a heap overflow.
2. The vulnerability is caused due to a boundary error when duplicating some tags in XML-files. This can be exploited to cause a heap overflow.
3. An error in the implementation of the decoder Base64 when exporting XML-files. This can be exploited to cause a heap overflow.
Successful exploitation allows execution of arbitrary code, but requires that the victim opens a specially crafted ODF-file.
Manufacturer URL: http://www.libreoffice.org/
Solution: Install the latest version 3.5.5 from the manufacturer.
links: