CVE-2011-2713
Published: 21 October 2011
oowriter in OpenOffice.org 3.3.0 and LibreOffice before 3.4.3 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted DOC file that triggers an out-of-bounds read in the DOC sprm parser.
Notes
Author | Note |
---|---|
mdeslaur | may simply be a DoS and is not a security issue, see redhat bug |
jdstrand | per researcher, only a DoS |
Priority
Status
Package | Release | Status |
---|---|---|
libreoffice Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
lucid |
Does not exist
|
|
maverick |
Does not exist
|
|
natty |
Not vulnerable
(1:3.3.4-0ubuntu1)
|
|
oneiric |
Not vulnerable
(1:3.4.3-3ubuntu2)
|
|
precise |
Not vulnerable
(1:3.4.3-3ubuntu2)
|
|
upstream |
Released
(3.3.4,3.4.3)
|
|
openoffice.org Launchpad, Ubuntu, Debian |
hardy |
Ignored
(end of life)
|
lucid |
Released
(1:3.2.0-7ubuntu4.3)
|
|
maverick |
Ignored
(end of life)
|
|
natty |
Not vulnerable
(transitional packages)
|
|
oneiric |
Not vulnerable
(transitional packages)
|
|
precise |
Not vulnerable
(transitional packages)
|
|
upstream |
Needs triage
|
|
Patches: vendor: http://www.debian.org/security/2011/dsa-2315 other: https://bugzilla.redhat.com/attachment.cgi?id=523579 |
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2713
- http://lwn.net/Articles/461694/
- http://www.debian.org/security/2011/dsa-2315
- http://www.libreoffice.org/advisories/CVE-2011-2713/
- http://nabble.documentfoundation.org/The-Document-Foundation-publishes-details-of-LibreOffice-3-4-3-security-fixes-td3396089.html
- https://ubuntu.com/security/notices/USN-1496-1
- NVD
- Launchpad
- Debian