CVE-2012-2665

Currently unrated

Key Information:

Vendor: Apache
Status: Openoffice; Libreoffice
Vendor: CVE Published:; 6 August 2012

Summary

Multiple heap-based buffer overflows in the XML manifest encryption tag parsing functionality in OpenOffice.org and LibreOffice before 3.5.5 allow remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted Open Document Text (.odt) file with (1) a child tag within an incorrect parent tag, (2) duplicate tags, or (3) a Base64 ChecksumAttribute whose length is not evenly divisible by four.

References

http://secunia.com/advisories/60799

third-party-advisoryx_refsource_SECUNIA

http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml

vendor-advisoryx_refsource_GENTOO

http://security.gentoo.org/glsa/glsa-201209-05.xml

vendor-advisoryx_refsource_GENTOO

EPSS Score

33% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Aug 6, 2012
Vulnerability Reserved
May 14, 2012