CVE-2012-2665
Severity
7.5HIGH
EPSS
5.0%
top 10.27%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedAug 6
Latest updateMay 13
Description
Multiple heap-based buffer overflows in the XML manifest encryption tag parsing functionality in OpenOffice.org and LibreOffice before 3.5.5 allow remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted Open Document Text (.odt) file with (1) a child tag within an incorrect parent tag, (2) duplicate tags, or (3) a Base64 ChecksumAttribute whose length is not evenly divisible by four.
CVSS vector
AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4
Affected Packages6 packages
Also affects: Debian Linux 6.0, 7.0, Ubuntu Linux 10.04, 11.04, 11.10, 12.04, Enterprise Linux 6.0
🔴Vulnerability Details
3GHSA▶
GHSA-36hh-vpg6-r82h: Multiple heap-based buffer overflows in the XML manifest encryption tag parsing functionality in OpenOffice↗2022-05-13
CVEList▶
CVE-2012-2665: Multiple heap-based buffer overflows in the XML manifest encryption tag parsing functionality in OpenOffice↗2012-08-06
OSV▶
CVE-2012-2665: Multiple heap-based buffer overflows in the XML manifest encryption tag parsing functionality in OpenOffice↗2012-08-06
📋Vendor Advisories
4💬Community
2Bugzilla▶
CVE-2012-2665 openoffice.org, libreoffice: Multiple heap-based buffer overflows in the XML manifest encryption handling code [fedora-all]↗2012-08-01
Bugzilla▶
CVE-2012-2665 openoffice.org, libreoffice: Multiple heap-based buffer overflows in the XML manifest encryption handling code↗2012-05-29