Title: CVE-2013-4156: Microsoft .docm Denial Of Service

Announced: July 26 2013

Fixed in: LibreOffice 3.6.7/4.0.4


A denial of service flaw was found in the .docm import filter of LibreOffice. An attacker cound create a specially-crafted file in the .docm file format which when loaded would immediately terminate the application through a NULL dereference.

Thanks to Jeremy Brown of Microsoft Vulnerability Research for reporting this flaw. Users are recommended to upgrade to 3.6.7, 4.0.4 or 4.1.0 to avoid this flaw.