CVE-2016-4324
Title: CVE-2016-4324 Dereference of invalid STL iterator on processing RTF file
Announced: June 28th, 2016
Fixed in: LibreOffice 5.1.4/5.2.0
Description:
Parsing the Rich Text Format character style index was insufficiently checked for validity. Documents can be constructed which dereference an iterator to the first entry of an empty STL container.
All users are recommended to upgrade to LibreOffice >= 5.1.4
Thanks to the researchers working with Cisco Talos Security Intelligence and Research Group for discovering this flaw.
References:
CVE-2016-4324
關注我們