CVE-2018-11790

EPSS 0.58%
Published 31.01.2019 16:29:00
Last modified 21.11.2024 03:44:02
Source security@apache.org
Teams watchlist Login
Open Login

When loading a document with Apache Open Office 4.1.5 and earlier with smaller end line termination than the operating system uses, the defect occurs. In this case OpenOffice runs into an Arithmetic Overflow at a string length calculation.

Affected products Warnungen 0 Metrics 3 CWE 1 References 7

Data is provided by the National Vulnerability Database (NVD)

Apache ≫ Openoffice Version <= 4.1.5

Canonical ≫ Ubuntu Linux Version14.04 SwEditionlts

Canonical ≫ Ubuntu Linux Version16.04 SwEditionlts

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.58%	0.68

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	4.6	3.9	6.4	AV:L/AC:L/Au:N/C:P/I:P/A:P

CWE-682 Incorrect Calculation

The product performs a calculation that generates incorrect or unintended results that are later used in security-critical decisions or resource management.

https://usn.ubuntu.com/3883-1/

Third Party Advisory

http://www.securityfocus.com/bid/106803

Third Party Advisory

VDB Entry

https://lists.apache.org/thread.html/7394e6b5f78a878bd0c44e9bc9adf90b8cdf49e9adc0f287145aba9b%40%3Ccommits.openoffice.apache.org%3E

https://www.openoffice.org/security/cves/CVE-2018-11790.html

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2018-11790

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-11790

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-11790

EUVD