CVE-2012-0037 (retired)

Priority
Description
Redland Raptor (aka libraptor) before 2.0.7, as used by OpenOffice 3.3 and
3.4 Beta, LibreOffice before 3.4.6 and 3.5.x before 3.5.1, and other
products, allows user-assisted remote attackers to read arbitrary files via
a crafted XML external entity (XXE) declaration and reference in an RDF
document.
Notes
 jdstrand> Per Sweetchark, only a LibreOffice issue if using internal raptor
 jdstrand> Debian's patch for 1.4.21 from David Beckett based on patch sent to
  linux-distros@
 jdstrand> per RedHat, arbitrary code execution is possible as well
 jdstrand> 1.4.21-7 is claimed to be fixed in Debian. While a patch was added,
  the quilt series file was not updated so the patch was not applied.
Assigned-to
mdeslaur
Package
Upstream:released (3.4.6, 3.5.1)
More Information

Updated: 2019-03-26 11:59:49 UTC (commit ccdecfcf0fead22bd291e5f4ea745a46872dcb15)