CVE-2013-2189

CWE-787 — Out-of-bounds Write7 documents7 sources

Severity

6.8MEDIUM

EPSS

1.2%

top 20.91%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Openoffice

Timeline

PublishedJul 31

Latest updateMay 13

Description

Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via invalid PLCF data in a DOC document file.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages2 packages

▶NVDapache/openoffice< 4.0.0

▶Debianlibreoffice< 1:3.4.3-1+3

Patches

Patch: www.openoffice.org ↗Patch: www.openoffice.org ↗

🔴Vulnerability Details

GHSA

GHSA-wvh2-2jp3-fx4r: Apache OpenOffice↗2022-05-13

▶

OSV

CVE-2013-2189: Apache OpenOffice↗2013-07-31

▶

CVEList

CVE-2013-2189: Apache OpenOffice↗2013-07-31

▶

📋Vendor Advisories

Red Hat

libreoffice: Memory corruption when parsing invalid PLCF data by processing certain DOC files↗2013-07-26

▶

Debian

CVE-2013-2189: libreoffice - Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial...↗2013

▶

💬Community

Bugzilla

CVE-2013-2189 openoffice.org, libreoffice: Memory corruption when parsing invalid PLCF data by processing certain DOC files↗2013-07-26

▶