CVE-2012-2665

2012-08-0618:55:00

CWE-787

[email protected]

web.nvd.nist.gov

cve-2012-2665

xml

manifest

encryption

buffer overflow

openoffice

libreoffice

denial of service

arbitrary code

nvd

7.5 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.041 Low

EPSS

Percentile

92.1%

JSON

Multiple heap-based buffer overflows in the XML manifest encryption tag parsing functionality in OpenOffice.org and LibreOffice before 3.5.5 allow remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted Open Document Text (.odt) file with (1) a child tag within an incorrect parent tag, (2) duplicate tags, or (3) a Base64 ChecksumAttribute whose length is not evenly divisible by four.

CPENameOperatorVersion
apache:openofficeapache openofficelt3.4.1
libreoffice:libreofficelibreofficelt3.5.5
redhat:enterprise_linuxredhat enterprise linuxeq6.0
canonical:ubuntu_linuxcanonical ubuntu linuxeq11.04
redhat:enterprise_linux_server_from_rhui_6redhat enterprise linux server from rhui 6eq6.0
redhat:enterprise_linux_for_ibm_z_systemsredhat enterprise linux for ibm z systemseq6.0
canonical:ubuntu_linuxcanonical ubuntu linuxeq11.10
debian:debian_linuxdebian debian linuxeq7.0
debian:debian_linuxdebian debian linuxeq6.0
redhat:enterprise_linux_desktopredhat enterprise linux desktopeq6.0

CPE	Name	Operator	Version
apache:openoffice	apache openoffice	lt	3.4.1
libreoffice:libreoffice	libreoffice	lt	3.5.5
redhat:enterprise_linux	redhat enterprise linux	eq	6.0
canonical:ubuntu_linux	canonical ubuntu linux	eq	11.04
redhat:enterprise_linux_server_from_rhui_6	redhat enterprise linux server from rhui 6	eq	6.0
redhat:enterprise_linux_for_ibm_z_systems	redhat enterprise linux for ibm z systems	eq	6.0
canonical:ubuntu_linux	canonical ubuntu linux	eq	11.10
debian:debian_linux	debian debian linux	eq	7.0
debian:debian_linux	debian debian linux	eq	6.0
redhat:enterprise_linux_desktop	redhat enterprise linux desktop	eq	6.0