CVE-2015-5212

CWE-191CWE-190Integer Overflow11 documents9 sources
Severity
6.8MEDIUM
EPSS
49.6%
top 2.20%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Apache OpenofficeLibreoffice LibreofficeCanonical Ubuntu Linux+1 more
Timeline
PublishedNov 10
Latest updateMay 13

Description

Integer underflow in LibreOffice before 4.4.5 and Apache OpenOffice before 4.1.2, when the configuration setting "Load printer settings with the document" is enabled, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via crafted PrinterSetup data in an ODF document.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages3 packages

Debianlibreoffice< 1:5.0.1~rc1-1+3

Also affects: Debian Linux 7.0, 8.0, Ubuntu Linux 12.04, 14.04, 15.04

🔴Vulnerability Details

4
GHSA
GHSA-3m69-8mpc-r6h3: Integer underflow in LibreOffice before 42022-05-13
CVEList
CVE-2015-5212: Integer underflow in LibreOffice before 42015-11-10
OSV
CVE-2015-5212: Integer underflow in LibreOffice before 42015-11-10
OSV
libreoffice vulnerabilities2015-11-05

💥Exploits & PoCs

1
Exploit-DB
SixApart MovableType < 5.2.12 - Storable Perl Code Execution (Metasploit)2015-02-11

📋Vendor Advisories

3
Ubuntu
LibreOffice vulnerabilities2015-11-05
Red Hat
libreoffice: Integer underflow in PrinterSetup length2015-11-04
Debian
CVE-2015-5212: libreoffice - Integer underflow in LibreOffice before 4.4.5 and Apache OpenOffice before 4.1.2...2015

💬Community

2
Bugzilla
CVE-2015-5212 libreoffice: Integer underflow in PrinterSetup length2015-11-06
Bugzilla
CVE-2015-5212 libreoffice: Integer underflow in PrinterSetup length [fedora-all]2015-11-06
CVE-2015-5212 (MEDIUM CVSS 6.8) | Integer underflow in LibreOffice be | cvebase.io