4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
0.041 Low
EPSS
Percentile
92.1%
oowriter in OpenOffice.org 3.3.0 and LibreOffice before 3.4.3 allows
user-assisted remote attackers to cause a denial of service (crash) via a
crafted DOC file that triggers an out-of-bounds read in the DOC sprm
parser.
Author | Note |
---|---|
mdeslaur | may simply be a DoS and is not a security issue, see redhat bug |
jdstrand | per researcher, only a DoS |
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 10.04 | noarch | openoffice.org | <ย 1:3.2.0-7ubuntu4.3 | UNKNOWN |
lwn.net/Articles/461694/
nabble.documentfoundation.org/The-Document-Foundation-publishes-details-of-LibreOffice-3-4-3-security-fixes-td3396089.html
www.debian.org/security/2011/dsa-2315
www.libreoffice.org/advisories/CVE-2011-2713/
launchpad.net/bugs/cve/CVE-2011-2713
nvd.nist.gov/vuln/detail/CVE-2011-2713
security-tracker.debian.org/tracker/CVE-2011-2713
ubuntu.com/security/notices/USN-1496-1
www.cve.org/CVERecord?id=CVE-2011-2713