You are here

CVE-2011-2713

Vincent (CVE) Danen's picture
oowriter in OpenOffice.org 3.3.0 and LibreOffice before 3.4.3 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted DOC file that triggers an out-of-bounds read in the DOC sprm parser.

Details Source

Mitre

Statement

This issue results in an OOB read which is not exploitable for arbitrary code execution and can simply cause a crash. We do not consider this as a security issue.

Public Date

2011-10-04 00:00:00

Impact

Moderate

Bugzilla

CVE-2011-2713 openoffice.org: Out-of-bounds read in DOC sprm parser

Bugzilla ID

725 668

CVSS Status

draft

Base Score

4.30

Base Metrics

AV:N/AC:M/Au:N/C:N/I:N/A:P

Acknowledgements

This issue was discovered by Huzaifa Sidhpurwala of the Red Hat Security Response Team.

CWE

CWE-125

Affected Packages State

Platform Package State
Red Hat Enterprise Linux 6 openoffice.org Affected
Red Hat Enterprise Linux 5 openoffice.org Affected
Red Hat Enterprise Linux 4 openoffice.org Affected