CVE - CVE-2012-2665

CVE-ID
CVE-2012-2665	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Multiple heap-based buffer overflows in the XML manifest encryption tag parsing functionality in OpenOffice.org and LibreOffice before 3.5.5 allow remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted Open Document Text (.odt) file with (1) a child tag within an incorrect parent tag, (2) duplicate tags, or (3) a Base64 ChecksumAttribute whose length is not evenly divisible by four.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:1027331 URL:http://www.securitytracker.com/id?1027331 MISC:1027332 URL:http://www.securitytracker.com/id?1027332 MISC:50142 URL:http://secunia.com/advisories/50142 MISC:50146 URL:http://secunia.com/advisories/50146 MISC:50692 URL:http://secunia.com/advisories/50692 MISC:54769 URL:http://www.securityfocus.com/bid/54769 MISC:60799 URL:http://secunia.com/advisories/60799 MISC:DSA-2520 URL:http://www.debian.org/security/2012/dsa-2520 MISC:GLSA-201209-05 URL:http://security.gentoo.org/glsa/glsa-201209-05.xml MISC:GLSA-201408-19 URL:http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml MISC:RHSA-2012:1135 URL:http://rhn.redhat.com/errata/RHSA-2012-1135.html MISC:USN-1536-1 URL:http://www.ubuntu.com/usn/USN-1536-1 MISC:USN-1537-1 URL:http://www.ubuntu.com/usn/USN-1537-1 MISC:http://www.libreoffice.org/about-us/security/advisories/cve-2012-2665/ URL:http://www.libreoffice.org/about-us/security/advisories/cve-2012-2665/ MISC:http://www.pre-cert.de/advisories/PRE-SA-2012-05.txt URL:http://www.pre-cert.de/advisories/PRE-SA-2012-05.txt MISC:https://bugzilla.redhat.com/show_bug.cgi?id=826077 URL:https://bugzilla.redhat.com/show_bug.cgi?id=826077
Assigning CNA
Red Hat, Inc.
Date Record Created
20120514	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20120514)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)