{"affected":[{"ecosystem_specific":{"binaries":[{"libwpd-0_10-10":"0.10.2-2.4.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Desktop 12 SP2","name":"libwpd","purl":"pkg:rpm/suse/libwpd&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP2"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"0.10.2-2.4.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libwpd-0_10-10":"0.10.2-2.4.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Desktop 12 SP3","name":"libwpd","purl":"pkg:rpm/suse/libwpd&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"0.10.2-2.4.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libwpd-0_10-10":"0.10.2-2.4.1","libwpd-devel":"0.10.2-2.4.1","libwpd-devel-doc":"0.10.2-2.4.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Software Development Kit 12 SP2","name":"libwpd","purl":"pkg:rpm/suse/libwpd&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP2"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"0.10.2-2.4.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libwpd-0_10-10":"0.10.2-2.4.1","libwpd-devel":"0.10.2-2.4.1","libwpd-devel-doc":"0.10.2-2.4.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Software Development Kit 12 SP3","name":"libwpd","purl":"pkg:rpm/suse/libwpd&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"0.10.2-2.4.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libwpd-0_10-10":"0.10.2-2.4.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Workstation Extension 12 SP2","name":"libwpd","purl":"pkg:rpm/suse/libwpd&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP2"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"0.10.2-2.4.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libwpd-0_10-10":"0.10.2-2.4.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Workstation Extension 12 SP3","name":"libwpd","purl":"pkg:rpm/suse/libwpd&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"0.10.2-2.4.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for libwpd fixes the following issues:\n\nSecurity issue fixed:\n- CVE-2017-14226: WP1StylesListener.cpp, WP5StylesListener.cpp, and WP42StylesListener.cpp in libwpd\n  0.10.1 mishandle iterators, which allows remote attackers to cause a denial of service (heap-based\n  buffer over-read in the WPXTableList class in WPXTable.cpp). This vulnerability can be triggered\n  in LibreOffice before 5.3.7. It may lead to suffering a remote attack against a LibreOffice\n  application. (bnc#1058025)\n\nBugfixes:\n- Fix various crashes, leaks and hangs when reading damaged files found by oss-fuzz.\n- Fix crash when NULL is passed as input stream.\n- Use symbol visibility on Linux. The library only exports public functions now.\n- Avoid infinite loop. (libwpd#3)\n- Remove bashism. (libwpd#5)\n- Fix various crashes and hangs when reading broken files found with the help of american-fuzzy-lop.\n- Make --help output of all command line tools more help2man-friendly.\n- Miscellaneous fixes and cleanups.\n- Generate manpages for the libwpd-tools\n","id":"SUSE-SU-2017:2931-1","modified":"2017-11-06T08:42:15Z","published":"2017-11-06T08:42:15Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2017/suse-su-20172931-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1058025"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-14226"}],"related":["CVE-2017-14226"],"summary":"Security update for libwpd","upstream":["CVE-2017-14226"]}