CVE-2018-10120

Title: CVE-2018-10120 Heap Buffer Overflow in MSWord Customizations parsing

Announced: April 18, 2018

Fixed in: LibreOffice 5.4.6/6.0.2

Description:

LibreOffice before 5.4.6 and 6.x before 6.0.2 have a flaw in an edge case in processing a specific uncommon Microsoft Word record. An index into a dynamically allocated buffer is used without bounds checking.

All users are recommended to upgrade to LibreOffice >= 5.4.6 or >= 6.0.2

References:

    CVE-2018-10120