14 matches found
SUSE CVE-2010-3451
Use-after-free vulnerability in oowriter in OpenOffice.org OOo 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service application crash or possibly execute arbitrary code via malformed tables in an RTF document...
Mandriva Linux Security Advisory : libreoffice (MDVSA-2011:172)
Multiple vulnerabilies has been discovered and corrected in libreoffice : Stack-based buffer overflow in the Lotus Word Pro import filter in LibreOffice before 3.3.3 allows remote attackers to execute arbitrary code via a crafted .lwp file CVE-2011-2685. oowriter in OpenOffice.org 3.3.0 and...
Out-of-bounds
oowriter in OpenOffice.org 3.3.0 and LibreOffice before 3.4.3 allows user-assisted remote attackers to cause a denial of service crash via a crafted DOC file that triggers an out-of-bounds read in the DOC sprm parser...
CVE-2011-2713
oowriter in OpenOffice.org 3.3.0 and LibreOffice before 3.4.3 allows user-assisted remote attackers to cause a denial of service crash via a crafted DOC file that triggers an out-of-bounds read in the DOC sprm parser...
CVE-2011-2713
oowriter in OpenOffice.org 3.3.0 and LibreOffice before 3.4.3 allows user-assisted remote attackers to cause a denial of service crash via a crafted DOC file that triggers an out-of-bounds read in the DOC sprm parser...
CVE-2011-2713
oowriter in OpenOffice.org 3.3.0 and LibreOffice before 3.4.3 allows user-assisted remote attackers to cause a denial of service crash via a crafted DOC file that triggers an out-of-bounds read in the DOC sprm parser...
Out-of-bounds
The WW8ListManager::WW8ListManager function in oowriter in OpenOffice.org OOo 2.x and 3.x before 3.3 does not properly handle an unspecified number of list levels in user-defined list styles in WW8 data in a Microsoft Word document, which allows remote attackers to cause a denial of service...
CVE-2010-3453
CVE-2010-3453 affects OpenOffice.org upstream: WW8ListManager in oowriter handles Word .DOC WW8 list data; root cause is an out-of-bounds/heap write due to an unspecified list levels count in user-defined styles. Affected products are OpenOffice.org 2.x and 3.x prior to 3.3. Consequences include ...
OpenOffice.org: Integer signedness error (crash) by processing certain RTF tags
Use-after-free vulnerability in oowriter in OpenOffice.org OOo 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service application crash or possibly execute arbitrary code via crafted tags in an RTF document...
OpenOffice.org: Array index error by insecure parsing of broken rtf tables
Use-after-free vulnerability in oowriter in OpenOffice.org OOo 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service application crash or possibly execute arbitrary code via malformed tables in an RTF document...
OpenOffice.org: Integer signedness error (crash) by processing certain RTF tags
Use-after-free vulnerability in oowriter in OpenOffice.org OOo 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service application crash or possibly execute arbitrary code via crafted tags in an RTF document...
OpenOffice.org: Integer signedness error (crash) by processing certain RTF tags
Use-after-free vulnerability in oowriter in OpenOffice.org OOo 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service application crash or possibly execute arbitrary code via crafted tags in an RTF document...
OpenOffice.org: Array index error by scanning document typography information of certain *.doc files
Multiple off-by-one errors in the WW8DopTypography::ReadFromMem function in oowriter in OpenOffice.org OOo 2.x and 3.x before 3.3 allow remote attackers to cause a denial of service application crash or possibly execute arbitrary code via crafted typography information in a Microsoft Word .DOC fi...
OpenOffice.org: Array index error by insecure parsing of broken rtf tables
Use-after-free vulnerability in oowriter in OpenOffice.org OOo 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service application crash or possibly execute arbitrary code via malformed tables in an RTF document...