Launchpad CVE tracker

CVE 2012-2665

Multiple heap-based buffer overflows in the XML manifest encryption tag parsing functionality in OpenOffice.org and LibreOffice before 3.5.5 allow remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted Open Document Text (.odt) file with (1) a child tag within an incorrect parent tag, (2) duplicate tags, or (3) a Base64 ChecksumAttribute whose length is not evenly divisible by four.

Related bugs and status

CVE-2012-2665 (Candidate) is related to these bugs:

Bug #585910: [Upstream] Impress Font fuzzy in presentation mode when Use hardware acceleration enabled

		In	Importance	Status
585910	[Upstream] Impress Font fuzzy in presentation mode when Use hardware acceleration enabled	OpenOffice	Medium	Invalid
585910	[Upstream] Impress Font fuzzy in presentation mode when Use hardware acceleration enabled	libreoffice (Ubuntu)	Medium	Fix Released
585910	[Upstream] Impress Font fuzzy in presentation mode when Use hardware acceleration enabled	LibreOffice	Critical	Fix Released
585910	[Upstream] Impress Font fuzzy in presentation mode when Use hardware acceleration enabled	libreoffice (Ubuntu Precise)	Undecided	Fix Released
585910	[Upstream] Impress Font fuzzy in presentation mode when Use hardware acceleration enabled	libreoffice (Ubuntu Quantal)	Undecided	Won't Fix

Bug #1020040: LibreOffice needs a update to 3.5.5 on precise

Summary				In	Importance	Status
	1020040	LibreOffice needs a update to 3.5.5 on precise		libreoffice (Ubuntu)	Undecided	Fix Released

Bug #1037111: [SRU] LibreOffice 3.5.7 for precise

Summary				In	Importance	Status
	1037111	[SRU] LibreOffice 3.5.7 for precise		libreoffice (Ubuntu)	High	Fix Released
	1037111	[SRU] LibreOffice 3.5.7 for precise		libreoffice (Ubuntu Precise)	High	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2012-2665

References