Vulnerability Description
When loading a document with Apache Open Office 4.1.5 and earlier with smaller end line termination than the operating system uses, the defect occurs. In this case OpenOffice runs into an Arithmetic Overflow at a string length calculation.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apache | Openoffice | <= 4.1.5 |
| Canonical | Ubuntu Linux | 14.04 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/106803Third Party AdvisoryVDB Entry
- https://lists.apache.org/thread.html/7394e6b5f78a878bd0c44e9bc9adf90b8cdf49e9adc
- https://usn.ubuntu.com/3883-1/Third Party Advisory
- https://www.openoffice.org/security/cves/CVE-2018-11790.htmlPatchVendor Advisory
- http://www.securityfocus.com/bid/106803Third Party AdvisoryVDB Entry
- https://lists.apache.org/thread.html/7394e6b5f78a878bd0c44e9bc9adf90b8cdf49e9adc
- https://usn.ubuntu.com/3883-1/Third Party Advisory
- https://www.openoffice.org/security/cves/CVE-2018-11790.htmlPatchVendor Advisory
FAQ
What is CVE-2018-11790?
CVE-2018-11790 is a vulnerability with a CVSS score of 7.8 (HIGH). When loading a document with Apache Open Office 4.1.5 and earlier with smaller end line termination than the operating system uses, the defect occurs. In this case OpenOffice runs into an Arithmetic O...
How severe is CVE-2018-11790?
CVE-2018-11790 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-11790?
Check the references section above for vendor advisories and patch information. Affected products include: Apache Openoffice, Canonical Ubuntu Linux.