https://bugs.documentfoundation.org/show_bug.cgi?id=86879
Enrico Zini <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- Severity|major |normal --- Comment #23 from Enrico Zini <[email protected]> --- I can still reproduce the issue with the version of Libreoffice in Debian Bookworm, and I have no access to newer versions: Version: 7.4.7.2 / LibreOffice Community Build ID: 40(Build:2) CPU threads: 4; OS: Linux 6.1; UI render: default; VCL: gtk3 Locale: en-IE (en_IE.UTF-8); UI: en-US Debian package version: 4:7.4.7-1+deb12u4 Calc: threaded Reproducing this issue is trivial: run lowriter crash.doc Even if the .doc file is invalid, libreoffice should refuse to open it instead of entering an infinite busy-loop. This could potentially be remotely exploited for DoS attacks for sites that use libreoffice as a backend for conversion of user-provided documents, as it can be reproduced with: loffice --headless --convert-to txt:Text crash.doc I am not however knowledgeable enough of the triaging process to make this an issue of major importance. It's becoming rather frustrating to revalidate this issue, trivially reproducible after 10 years, while the bot regularly attempts to close it. -- You are receiving this mail because: You are the assignee for the bug.
