Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

CVE-2012-2665

Published: 1 August 2012

Multiple heap-based buffer overflows in the XML manifest encryption tag parsing functionality in OpenOffice.org and LibreOffice before 3.5.5 allow remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted Open Document Text (.odt) file with (1) a child tag within an incorrect parent tag, (2) duplicate tags, or (3) a Base64 ChecksumAttribute whose length is not evenly divisible by four.

Notes

AuthorNote
jdstrand
watch out for potential regression in bug #51601

Priority

Medium

Status

Package Release Status
libreoffice
Launchpad, Ubuntu, Debian
hardy Does not exist

lucid Does not exist

natty
Released (1:3.3.4-0ubuntu1.4)
oneiric
Released (1:3.4.4-0ubuntu1.4)
precise
Released (1:3.5.4-0ubuntu1.1)
upstream Pending
(3.5.5)
openoffice.org
Launchpad, Ubuntu, Debian
hardy Ignored
(end of life)
lucid
Released (1:3.2.0-7ubuntu4.4)
natty Not vulnerable
(transitional packages)
oneiric Not vulnerable
(transitional packages)
precise Not vulnerable
(transitional packages)
upstream Needs triage