CVE-2012-2665
Priority
Medium
Description
Multiple heap-based buffer overflows in the XML manifest encryption tag
parsing functionality in OpenOffice.org and LibreOffice before 3.5.5 allow
remote attackers to cause a denial of service and possibly execute
arbitrary code via a crafted Open Document Text (.odt) file with (1) a
child tag within an incorrect parent tag, (2) duplicate tags, or (3) a
Base64 ChecksumAttribute whose length is not evenly divisible by four.
parsing functionality in OpenOffice.org and LibreOffice before 3.5.5 allow
remote attackers to cause a denial of service and possibly execute
arbitrary code via a crafted Open Document Text (.odt) file with (1) a
child tag within an incorrect parent tag, (2) duplicate tags, or (3) a
Base64 ChecksumAttribute whose length is not evenly divisible by four.
References
Notes
jdstrand> watch out for potential regression in bug #51601
Package
| Upstream: | pending (3.5.5) |
| Ubuntu 8.04 LTS (Hardy Heron): | DNE |
| Ubuntu 10.04 LTS (Lucid Lynx): | DNE |
| Ubuntu 11.04 (Natty Narwhal): | released (1:3.3.4-0ubuntu1.4) |
| Ubuntu 11.10 (Oneiric Ocelot): | released (1:3.4.4-0ubuntu1.4) |
| Ubuntu 12.04 LTS (Precise Pangolin): | released (1:3.5.4-0ubuntu1.1) |
| Ubuntu 12.10 (Quantal Quetzal): | not-affected (1:3.6.0~rc4-0ubuntu3) |
Package
| Upstream: | needs-triage |
| Ubuntu 8.04 LTS (Hardy Heron): | ignored (reached end-of-life) |
| Ubuntu 10.04 LTS (Lucid Lynx): | released (1:3.2.0-7ubuntu4.4) |
| Ubuntu 11.04 (Natty Narwhal): | not-affected (transitional packages) |
| Ubuntu 11.10 (Oneiric Ocelot): | not-affected (transitional packages) |
| Ubuntu 12.04 LTS (Precise Pangolin): | not-affected (transitional packages) |
| Ubuntu 12.10 (Quantal Quetzal): | DNE |