FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

libreoffice -- use-after-free vulnerability

Affected packages
libreoffice < 5.1.4

Details

VuXML ID 3159cd70-4aaa-11e6-a7bd-14dae9d210b8
Discovery 2016-06-27
Entry 2016-07-15

Talos reports:

An exploitable Use After Free vulnerability exists in the RTF parser LibreOffice. A specially crafted file can cause a use after free resulting in a possible arbitrary code execution. To exploit the vulnerability a malicious file needs to be opened by the user via vulnerable application.

References

CVE Name CVE-2016-4324
URL http://www.libreoffice.org/about-us/security/advisories/cve-2016-4324/
URL http://www.talosintelligence.com/reports/TALOS-2016-0126/