What is CVE-2016-0795?

CVE-2016-0795 is a high-severity vulnerability in Libreoffice, classified under Improper Restriction of Operations within the Bounds of a Memory Buffer. CVSS score: 7.8/10. Published 2016-02-18.

How severe is CVE-2016-0795?

High severity. CVSS v3 base score is 7.8 out of 10.

Buffer overflow in Libreoffice

CVE-2016-0795

LibreOffice before 5.0.5 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted LwpTocSuperLayout record in a LotusWordPro (lwp) document.

Vulnerability class: Buffer Overflow

EPSS: 0.006 (69.6th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.8 (High). Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H.

Affected products

Libreoffice
Canonical Ubuntu_linux — versions 12.04, 14.04, 15.10
N/a — versions n/a

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

References

20160217 Multiple Vendor LibreOffice Writer Lotus Word Pro 'TocSuperLayout' Buffer Overflow Vulnerability (x_refsource_IDEFENSE, third-party-advisory)
secalert@redhat.com (x_refsource_CONFIRM, Vendor Advisory)
openSUSE-SU-2016:1415 (vendor-advisory, x_refsource_SUSE)
openSUSE-SU-2016:1805 (vendor-advisory, x_refsource_SUSE)
FEDORA-2016-962c0d156d (x_refsource_FEDORA, vendor-advisory)
1035022 (vdb-entry, x_refsource_SECTRACK)
RHSA-2016:2579 (x_refsource_REDHAT, vendor-advisory)
DSA-3482 (vendor-advisory, x_refsource_DEBIAN)
USN-2899-1 (x_refsource_UBUNTU, vendor-advisory)

Frequently asked questions

What is CVE-2016-0795?: CVE-2016-0795 is a high-severity vulnerability in Libreoffice, classified under Improper Restriction of Operations within the Bounds of a Memory Buffer. CVSS score: 7.8/10. Published 2016-02-18.
How severe is CVE-2016-0795?: High severity. CVSS v3 base score is 7.8 out of 10.