CVE-2012-4233 — NULL Pointer Dereference in Libreoffice

CWE-476 — NULL Pointer Dereference6 documents6 sources

Severity

4.3MEDIUMNVD

EPSS

2.5%

top 14.61%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Libreoffice Debian Libreoffice

Timeline

PublishedNov 19

Latest updateMay 17

Description

LibreOffice 3.5.x before 3.5.7.2 and 3.6.x before 3.6.1, and OpenOffice.org (OOo), allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted (1) odt file to vcllo.dll, (2) ODG (Drawing document) file to svxcorelo.dll, (3) PolyPolygon record in a .wmf (Window Meta File) file embedded in a ppt (PowerPoint) file to tllo.dll, or (4) xls (Excel) file to scfiltlo.dll.

CVSS vector

AV:N/AC:M/C:N/I:N/A:PExploitability: 8.6 | Impact: 2.9

Affected Packages3 packages

▶debiandebian/libreoffice< libreoffice 1:3.5.4+dfsg-3 (bookworm)

▶Debianlibreoffice/libreoffice< 1:3.5.4+dfsg-3+3

▶NVDlibreoffice/libreoffice3.6+15

🔴Vulnerability Details

GHSA

GHSA-238c-g57x-fg8c: LibreOffice 3↗2022-05-17

▶

OSV

CVE-2012-4233: LibreOffice 3↗2012-11-19

▶

📋Vendor Advisories

Red Hat

libreoffice: multiple null pointer dereference flaws↗2012-10-31

▶

Debian

CVE-2012-4233: libreoffice - LibreOffice 3.5.x before 3.5.7.2 and 3.6.x before 3.6.1, and OpenOffice.org (OOo...↗2012

▶

💬Community

Bugzilla

CVE-2012-4233 libreoffice: multiple null pointer dereference flaws↗2012-11-01

▶