TL;DR; Upgrade to >= 5.4.6 or >= 6.0.2 https://www.libreoffice.org/about-us/security/advisories/CVE-2018-10119
CVE-2018-10119 Use After Free in Structured Storage parser Fixed in LibreOffice 5.4.5/6.0.1 LibreOffice before 5.4.5 and 6.x before 6.0.1 have a flaw in an edge case in processing the structured storage ole2 wrapper file format. A short datatype is used which can overflow resulting in a write to recently freed data https://www.libreoffice.org/about-us/security/advisories/CVE-2018-10120 CVE-2018-10120 Heap Buffer Overflow in MSWord Customizations parsing Fixed in: LibreOffice 5.4.6/6.0.2 LibreOffice before 5.4.6 and 6.x before 6.0.2 have a flaw in an edge case in processing a specific uncommon Microsoft Word record. An index into a dynamically allocated buffer is used without bounds checking. -- To unsubscribe e-mail to: discuss+unsubscr...@documentfoundation.org Problems? https://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/ Posting guidelines + more: https://wiki.documentfoundation.org/Netiquette List archive: https://listarchives.documentfoundation.org/www/discuss/ All messages sent to this list will be publicly archived and cannot be deleted
