CVE-2012-2665

Multiple heap-based buffer overflows in the XML manifest encryption tag parsing functionality in OpenOffice.org and LibreOffice before 3.5.5 allow remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted Open Document Text (.odt) file with (1) a child tag within an incorrect parent tag, (2) duplicate tags, or (3) a Base64 ChecksumAttribute whose length is not evenly divisible by four.

Published: Aug 6, 2012
Updated: Apr 13, 2023
CVE: CVE-2012-2665
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

CWEs:

CWE-787

Affected Software
References

Software	From	Fixed in
apache / openoffice	-	3.4.1
libreoffice / libreoffice	-	3.5.5
redhat / enterprise_linux	6.0	6.0.x
canonical / ubuntu_linux	11.04	11.04.x
redhat / enterprise_linux_server_from_rhui_6	6.0	6.0.x
redhat / enterprise_linux_for_ibm_z_systems	6.0	6.0.x
canonical / ubuntu_linux	11.10	11.10.x
debian / debian_linux	7.0	7.0.x
debian / debian_linux	6.0	6.0.x
redhat / enterprise_linux_desktop	6.0	6.0.x
redhat / enterprise_linux_server	6.0	6.0.x
redhat / enterprise_linux_for_power_big_endian	6.0	6.0.x
redhat / enterprise_linux_workstation	6.0	6.0.x
canonical / ubuntu_linux	10.04	10.04.x
canonical / ubuntu_linux	12.04	12.04.x

Vulnerability Database

289,599

CVE-2012-2665