Computer Security
[EN] securityvulns.ru no-pyccku


OpenOffice multiple security vulnerabilities
Published:21.05.2012
Source:
SecurityVulns ID:12384
Type:client
Threat Level:
5/10
Description:Multiple memory corruptions.
Affected:APACHE : OpenOffice 3.3
 LIBREOFFICE : LibreOffice 3.5
CVE:CVE-2012-2334 (Integer overflow in filter/source/msfilter/msdffimp.cxx in OpenOffice.org (OOo) 3.3, 3.4 Beta, and possibly earlier, and LibreOffice before 3.5.3, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the length of an Escher graphics record in a PowerPoint (.ppt) document, which triggers a buffer overflow.)
 CVE-2012-2149 (The WPXContentListener::_closeTableRow function in WPXContentListener.cpp in libwpd 0.8.8, as used by OpenOffice.org (OOo) before 3.4, allows remote attackers to execute arbitrary code via a crafted Wordperfect .WPD document that causes a negative array index to be used. NOTE: some sources report this issue as an integer overflow.)
 CVE-2012-1149 (Integer overflow in the vclmi.dll module in OpenOffice.org (OOo) 3.3, 3.4 Beta, and possibly earlier, and LibreOffice before 3.5.3, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted embedded image object, as demonstrated by a JPEG image in a .DOC file, which triggers a heap-based buffer overflow.)
Original documentdocumentAPACHE, CVE-2012-2334 Vulnerabilities related to malformed Powerpoint files in OpenOffice.org 3.3.0 (21.05.2012)
 documentAPACHE, CVE-2012-2149 OpenOffice.org memory overwrite vulnerability (21.05.2012)
 documentAPACHE, CVE-2012-1149 OpenOffice.org integer overflow error in vclmi.dll module when allocating memory for an embedded image object (21.05.2012)
 documentSEC Consult Vulnerability Lab, SEC Consult SA-20120518 :: Memory overwrite vulnerability in libwpd (OpenOffice.org) - CVE-2012-2149 (21.05.2012)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod