CVE-2011-2685 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Libreoffice

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121 — Stack-based Buffer Overflow7 documents7 sources

Severity

9.3CRITICALNVD

EPSS

13.9%

top 5.67%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Libreoffice Debian Libreoffice

Timeline

PublishedJul 21

Latest updateMay 17

Description

Stack-based buffer overflow in the Lotus Word Pro import filter in LibreOffice before 3.3.3 allows remote attackers to execute arbitrary code via a crafted .lwp file.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages3 packages

▶debiandebian/libreoffice< libreoffice 1:3.3.3-1 (bookworm)

▶Debianlibreoffice/libreoffice< 1:3.3.3-1+3

▶NVDlibreoffice/libreoffice3.3.2+2

Patches

Patch: cgit.freedesktop.org ↗Patch: cgit.freedesktop.org ↗Patch: www.kb.cert.org ↗

🔴Vulnerability Details

GHSA

GHSA-6mj6-f4j4-fwcx: Stack-based buffer overflow in the Lotus Word Pro import filter in LibreOffice before 3↗2022-05-17

▶

OSV

CVE-2011-2685: Stack-based buffer overflow in the Lotus Word Pro import filter in LibreOffice before 3↗2011-07-21

▶

📋Vendor Advisories

Ubuntu

OpenOffice.org vulnerabilities↗2012-07-02

▶

Red Hat

filter): Multiple stack buffer overflows when processing certain LWP files (VU#953183)↗2011-06-22

▶

Debian

CVE-2011-2685: libreoffice - Stack-based buffer overflow in the Lotus Word Pro import filter in LibreOffice b...↗2011

▶

💬Community

Bugzilla

CVE-2011-2685 libreoffice (Lotus Word Pro filter): Multiple stack buffer overflows when processing certain LWP files (VU#953183)↗2011-07-08

▶