CVE-2012-2665
openoffice.org - Multiple heap-based buffer overflows
EPSS 5.4%
Description
Multiple heap-based buffer overflows in the XML manifest encryption tag parsing functionality in OpenOffice.org and LibreOffice before 3.5.5 allow remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted Open Document Text (.odt) file with (1) a child tag within an incorrect parent tag, (2) duplicate tags, or (3) a Base64 ChecksumAttribute whose length is not evenly divisible by four.
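The three malformations listed in the description can be checked for in a document's META-INF/manifest.xml before it reaches an unpatched installation. The triage sketch below is an added example, not code from this advisory or from the OpenOffice.org/LibreOffice projects. The names `audit_manifest`, `audit_odt` and `SAMPLE` are hypothetical, and the element names are assumed from the ODF manifest schema.

```python
import xml.etree.ElementTree as ET
import zipfile

NS = "{urn:oasis:names:tc:opendocument:xmlns:manifest:1.0}"
# Required parent for each encryption-related element of the ODF manifest.
PARENT = {
    NS + "encryption-data": NS + "file-entry",
    NS + "algorithm": NS + "encryption-data",
    NS + "key-derivation": NS + "encryption-data",
    NS + "start-key-generation": NS + "encryption-data",
}

def audit_manifest(xml_data):
    """Flag the three malformations named in the CVE description."""
    # Stdlib parser keeps the example self-contained; prefer defusedxml on untrusted input.
    root = ET.fromstring(xml_data)
    parent_of = {child: parent for parent in root.iter() for child in parent}
    findings = []
    for elem in root.iter():
        parent, want = parent_of.get(elem), PARENT.get(elem.tag)
        # (1) child tag within an incorrect parent tag
        if want and (parent is None or parent.tag != want):
            findings.append(("misplaced-child", elem.tag[len(NS):]))
        # (2) duplicate encryption-related tags under one parent
        seen = set()
        for child in elem:
            if child.tag in PARENT and child.tag in seen:
                findings.append(("duplicate-tag", child.tag[len(NS):]))
            seen.add(child.tag)
        # (3) Base64 checksum whose length is not a multiple of four
        checksum = elem.get(NS + "checksum", "")
        if elem.tag == NS + "encryption-data" and len(checksum) % 4:
            findings.append(("bad-base64-length", checksum))
    return findings

def audit_odt(path_or_file):
    """Audit META-INF/manifest.xml inside an .odt (ZIP) container."""
    with zipfile.ZipFile(path_or_file) as odt:
        return audit_manifest(odt.read("META-INF/manifest.xml"))

# Constructed sample manifest, not taken from any real document.
SAMPLE = """<manifest:manifest xmlns:manifest="urn:oasis:names:tc:opendocument:xmlns:manifest:1.0">
 <manifest:file-entry manifest:full-path="content.xml">
  <manifest:encryption-data manifest:checksum="QUJDRA">
   <manifest:algorithm/><manifest:algorithm/>
  </manifest:encryption-data>
  <manifest:key-derivation/>
 </manifest:file-entry>
</manifest:manifest>"""
```

A finding means the manifest is structurally malformed in one of the ways the description lists. Such a file is a candidate for quarantine and review.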
How to fix CVE-2012-2665
To remediate CVE-2012-2665, upgrade the affected package to one of the fixed versions listed below.
- Debian/libreoffice—upgrade to 1:3.5.4-7 or later
- —upgrade to 1:3.2.1-11+squeeze7 or later
Is CVE-2012-2665 being exploited?
Moderate — EPSS is 5.4%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (2)
- from 0, < 1:3.5.4-7
- from 0, < 1:3.2.1-11+squeeze7