CVE-2012-2334
Published: 2012-06-19
CVE-2012-2334: Integer overflow in filter/source/msfilter/msdffimp.cxx in OpenOffice.org (OOo) 3.3, 3.4 Beta, and possibly earlier, and LibreOffice before 3.5.3, allows…
Priority: P339, medium, 6.8 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS: 13.04% (95.9th percentile)
Integer overflow in filter/source/msfilter/msdffimp.cxx in OpenOffice.org (OOo) 3.3, 3.4 Beta, and possibly earlier, and LibreOffice before 3.5.3, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the length of an Escher graphics record in a PowerPoint (.ppt) document, which triggers a buffer overflow.
Affected
18 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | openoffice.org | — | — |
| apache | openoffice.org | — | — |
| debian | libreoffice | < libreoffice 1:3.5.2~rc2-1 (bookworm) | libreoffice 1:3.5.2~rc2-1 (bookworm) |
| libreoffice | libreoffice | <= 3.5.2 | — |
| libreoffice | libreoffice | — | — |
| libreoffice | libreoffice | — | — |
| libreoffice | libreoffice | — | — |
| libreoffice | libreoffice | — | — |
| libreoffice | libreoffice | — | — |
| libreoffice | libreoffice | — | — |
| libreoffice | libreoffice | — | — |
| libreoffice | libreoffice | — | — |
| libreoffice | libreoffice | — | — |
| libreoffice | libreoffice | — | — |
| libreoffice | libreoffice | >= 0 < 1:3.5.2~rc2-1 | 1:3.5.2~rc2-1 |
| libreoffice | libreoffice | >= 0 < 1:3.5.2~rc2-1 | 1:3.5.2~rc2-1 |
| libreoffice | libreoffice | >= 0 < 1:3.5.2~rc2-1 | 1:3.5.2~rc2-1 |
| libreoffice | libreoffice | >= 0 < 1:3.5.2~rc2-1 | 1:3.5.2~rc2-1 |
CVSS provenance
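| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| osv | — | 6.8 | MEDIUM | — |
| vendor_ubuntu | — | 9.3 | CRITICAL | — |
| vendor_debian | — | 6.8 | MEDIUM | — |
| vendor_redhat | — | 6.8 | MEDIUM | — |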
GHSA
GHSA-pw69-whjp-72c8: Integer overflow in filter/source/msfilter/msdffimp
ghsa_unreviewed·2022-05-17
CVE-2012-2334 [MEDIUM] GHSA-pw69-whjp-72c8: Integer overflow in filter/source/msfilter/msdffimp
OSV
CVE-2012-2334: Integer overflow in filter/source/msfilter/msdffimp
osv·2012-06-19·CVSS 6.8
CVE-2012-2334 [MEDIUM] CVE-2012-2334: Integer overflow in filter/source/msfilter/msdffimp
Ubuntu
OpenOffice.org vulnerabilities
vendor_ubuntu·2012-07-02·CVSS 9.3
CVE-2011-2685 [CRITICAL] OpenOffice.org vulnerabilities
Title: OpenOffice.org vulnerabilities
Summary: OpenOffice.org could be made to crash or potentially run programs as your
login if it opened a specially crafted file.
A stack-based buffer overflow was discovered in the Lotus Word Pro import
filter in OpenOffice.org. The default compiler options for affected
releases should reduce the vulnerability to a denial of service.
(CVE-2011-2685)
Huzaifa Sidhpurwala discovered that OpenOffice.org could be made to crash
if it opened a specially crafted Word document. (CVE-2011-2713)
Integer overflows were discovered in the graphics loading code of several
different image types. If a user were tricked into opening a specially
crafted file, an attacker could cause OpenOffice.org to crash or possibly
execute arbitrary code with the privileges of the
Ubuntu
LibreOffice vulnerabilities
vendor_ubuntu·2012-07-02·CVSS 7.5
CVE-2012-1149 [HIGH] LibreOffice vulnerabilities
Title: LibreOffice vulnerabilities
Summary: LibreOffice could be made to crash or potentially run programs as your
login if it opened a specially crafted file.
Integer overflows were discovered in the graphics loading code of several
different image types. If a user were tricked into opening a specially
crafted file, an attacker could cause LibreOffice to crash or possibly
execute arbitrary code with the privileges of the user invoking the
program. (CVE-2012-1149)
Sven Jacobi discovered an integer overflow when processing Escher graphics
records. If a user were tricked into opening a specially crafted PowerPoint
file, an attacker could cause LibreOffice to crash or possibly execute
arbitrary code with the privileges of the user invoking the program.
(CVE-2012-2334)
Instructions: After
Red Hat
libreoffice: Integer overflow leading to buffer overflow by processing invalid Escher graphics records length in the Powerpoint documents
vendor_redhat·2012-05-16·CVSS 6.8
CVE-2012-2334 [MEDIUM] CWE-190 libreoffice: Integer overflow leading to buffer overflow by processing invalid Escher graphics records length in the Powerpoint documents
Debian
CVE-2012-2334: libreoffice - Integer overflow in filter/source/msfilter/msdffimp.cxx in OpenOffice.org (OOo) ...
vendor_debian·2012·CVSS 6.8
CVE-2012-2334 [MEDIUM] CVE-2012-2334: libreoffice - Integer overflow in filter/source/msfilter/msdffimp.cxx in OpenOffice.org (OOo) ...
Scope: local
bookworm: resolved (fixed in 1:3.5.2~rc2-1)
bullseye: resolved (fixed in 1:3.5.2~rc2-1)
forky: resolved (fixed in 1:3.5.2~rc2-1)
sid: resolved (fixed in 1:3.5.2~rc2-1)
trixie: resolved (fixed in 1:3.5.2~rc2-1)
No detection rules found.
No public exploits indexed.
References
http://archives.neohapsis.com/archives/bugtraq/2012-05/0091.html
http://cgit.freedesktop.org/libreoffice/core/commit/?id=28a6558f9d3ca2dda3191f8b5b3f2378ee2533da
http://cgit.freedesktop.org/libreoffice/core/commit/?id=512401decb286ba0fc3031939b8f7de8649c502e
http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082168.html
http://rhn.redhat.com/errata/RHSA-2012-0705.html
http://secunia.com/advisories/46992
http://secunia.com/advisories/47244
http://secunia.com/advisories/49373
http://secunia.com/advisories/49392
http://secunia.com/advisories/60799
http://securitytracker.com/id?1027070
http://www.debian.org/security/2012/dsa-2487
http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml
http://www.libreoffice.org/advisories/cve-2012-2334/
http://www.mandriva.com/security/advisories?name=MDVSA-2012:090
http://www.mandriva.com/security/advisories?name=MDVSA-2012:091
http://www.openoffice.org/security/cves/CVE-2012-2334.html
http://www.openwall.com/lists/oss-security/2012/05/28/2
http://www.osvdb.org/82517
http://www.securityfocus.com/bid/53570
https://bugzilla.redhat.com/show_bug.cgi?id=821803
https://exchange.xforce.ibmcloud.com/vulnerabilities/75695