Heap-based Buffer Overflow in LibreOffice's SwCTBWrapper::Read Function

Heap-based Buffer Overflow in LibreOffice's SwCTBWrapper::Read Function

CVE-2018-10120 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:P/A:P

The SwCTBWrapper::Read function in sw/source/filter/ww8/ww8toolbar.cxx in LibreOffice before 5.4.6.1 and 6.x before 6.0.2.1 does not validate a customizations index, which allows remote attackers to cause a denial of service (heap-based buffer overflow with write access) or possibly have unspecified other impact via a crafted document that contains a certain Microsoft Word record.

Learn more about our Cis Benchmark Audit For Microsoft Office.