CVE-2011-2713

CWE-119 — Buffer Overflow CWE-125 — Out-of-bounds Read8 documents8 sources

Severity

4.3MEDIUM

EPSS

1.5%

top 18.63%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Libreoffice Libreoffice SUN Openoffice.org

Timeline

PublishedOct 21

Latest updateMay 17

Description

oowriter in OpenOffice.org 3.3.0 and LibreOffice before 3.4.3 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted DOC file that triggers an out-of-bounds read in the DOC sprm parser.

CVSS vector

AV:N/AC:M/C:N/I:N/A:PExploitability: 8.6 | Impact: 2.9

Affected Packages3 packages

▶Debianlibreoffice< 1:3.4.3-1+3

▶NVDlibreoffice/libreoffice3.4.2+7

▶NVDsun/openoffice.org3.3.0

Patches

Patch: lists.fedoraproject.org ↗Patch: bugzilla.redhat.com ↗Patch: lists.fedoraproject.org ↗

🔴Vulnerability Details

GHSA

GHSA-49qr-m4m5-4m8j: oowriter in OpenOffice↗2022-05-17

▶

CVEList

CVE-2011-2713: oowriter in OpenOffice↗2011-10-21

▶

OSV

CVE-2011-2713: oowriter in OpenOffice↗2011-10-21

▶

📋Vendor Advisories

Ubuntu

OpenOffice.org vulnerabilities↗2012-07-02

▶

Red Hat

openoffice.org: Out-of-bounds read in DOC sprm parser↗2011-10-04

▶

Debian

CVE-2011-2713: libreoffice - oowriter in OpenOffice.org 3.3.0 and LibreOffice before 3.4.3 allows user-assist...↗2011

▶

💬Community

Bugzilla

CVE-2011-2713 openoffice.org: Out-of-bounds read in DOC sprm parser↗2011-07-26

▶