[email protected]CVE-2012-2334

HistoryJun 19, 2012 - 8:55 p.m.

CVE-2012-2334

2012-06-1920:55:06

CWE-189

[email protected]

web.nvd.nist.gov

cve-2012-2334

openoffice.org

libreoffice

integer overflow

denial of service

buffer overflow

nvd

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7 High

AI Score

Confidence

High

0.039 Low

EPSS

Percentile

92.0%

JSON

Integer overflow in filter/source/msfilter/msdffimp.cxx in OpenOffice.org (OOo) 3.3, 3.4 Beta, and possibly earlier, and LibreOffice before 3.5.3, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the length of an Escher graphics record in a PowerPoint (.ppt) document, which triggers a buffer overflow.

Affected configurations

NVD

Node

apacheopenoffice.orgMatch3.3

apacheopenoffice.orgMatch3.4beta

Node

libreofficelibreofficeRange≤3.5.2

libreofficelibreofficeMatch3.3.0

libreofficelibreofficeMatch3.3.1

libreofficelibreofficeMatch3.3.2

libreofficelibreofficeMatch3.3.3

libreofficelibreofficeMatch3.3.4

libreofficelibreofficeMatch3.4.0

libreofficelibreofficeMatch3.4.1

libreofficelibreofficeMatch3.4.2

libreofficelibreofficeMatch3.4.5

libreofficelibreofficeMatch3.5

CPENameOperatorVersion
apache:openoffice.orgapache openoffice.orgeq3.3
apache:openoffice.orgapache openoffice.orgeq3.4

CPE	Name	Operator	Version
apache:openoffice.org	apache openoffice.org	eq	3.3
apache:openoffice.org	apache openoffice.org	eq	3.4

References

archives.neohapsis.com/archives/bugtraq/2012-05/0091.html

cgit.freedesktop.org/libreoffice/core/commit/?id=28a6558f9d3ca2dda3191f8b5b3f2378ee2533da

cgit.freedesktop.org/libreoffice/core/commit/?id=512401decb286ba0fc3031939b8f7de8649c502e

lists.fedoraproject.org/pipermail/package-announce/2012-June/082168.html

rhn.redhat.com/errata/RHSA-2012-0705.html

secunia.com/advisories/46992

secunia.com/advisories/47244

secunia.com/advisories/49373

secunia.com/advisories/49392

secunia.com/advisories/60799

securitytracker.com/id?1027070

www.debian.org/security/2012/dsa-2487

www.gentoo.org/security/en/glsa/glsa-201408-19.xml

www.libreoffice.org/advisories/cve-2012-2334/

www.mandriva.com/security/advisories?name=MDVSA-2012:090

www.mandriva.com/security/advisories?name=MDVSA-2012:091

www.openoffice.org/security/cves/CVE-2012-2334.html

www.openwall.com/lists/oss-security/2012/05/28/2

www.osvdb.org/82517

www.securityfocus.com/bid/53570

bugzilla.redhat.com/show_bug.cgi?id=821803

exchange.xforce.ibmcloud.com/vulnerabilities/75695

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7 High

AI Score

Confidence

High

0.039 Low

EPSS

Percentile

92.0%

JSON

Related for CVE-2012-2334

seebug1 nvd1 debiancve1 securityvulns2 prion1 cvelist1 ubuntucve1 oraclelinux1 openvas20 centos1 nessus13 osv1 debian1 redhat1 ubuntu2 fedora2 gentoo1