Name | CVE-2016-1513 |
Description | The Impress tool in Apache OpenOffice 4.1.2 and earlier allows remote attackers to cause a denial of service (out-of-bounds read or write) or execute arbitrary code via crafted MetaActions in an (1) ODP or (2) OTP file. |
Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
References | DLA-591-1 |
Vulnerable and fixed packages
The table below lists information on source packages.
| Source Package | Release | Version | Status |
|---|---|---|---|
| libreoffice (PTS) | bullseye (security), bullseye | 1:7.0.4-4+deb11u10 | fixed |
| | bookworm | 4:7.4.7-1+deb12u4 | fixed |
| | bookworm (security) | 4:7.4.7-1+deb12u5 | fixed |
| | trixie | 4:24.8.2-1 | fixed |
| | sid | 4:24.8.2-2 | fixed |
The information below is based on the following data on fixed versions.
Notes
http://www.openoffice.org/security/cves/CVE-2016-1513.html
http://www.talosintelligence.com/reports/TALOS-2016-0051/
https://cgit.freedesktop.org/libreoffice/core/commit/?id=fd64d444b730f6cb7216dac8f6e3f9
https://cgit.freedesktop.org/libreoffice/core/commit/?id=adbdac2dd6799789a45cd3b6ca48919889a8b64d (origin/libreoffice-4-3-3)
Fixed at least in 4.3.3 based version, maybe already earlier.