CVE-2016-1513
https://notcve.org/view.php?id=CVE-2016-1513
The Impress tool in Apache OpenOffice 4.1.2 and earlier allows remote attackers to cause a denial of service (out-of-bounds read or write) or execute arbitrary code via crafted MetaActions in an (1) ODP or (2) OTP file. La herramienta Impress en Apache OpenOffice 4.1.2 y versiones anteriores permite a atacantes remotos provocar una denegación de servicio (lectura o escritura fuera de rango) o ejecutar código arbitrario a través de MetaActions manipuladas en un archivo (1) ODP o (2) OTP. • http://www.openoffice.org/security/cves/CVE-2016-1513.html http://www.securityfocus.com/bid/92079 http://www.securitytracker.com/id/1036443 http://www.talosintelligence.com/reports/TALOS-2016-0051 http://www.ubuntu.com/usn/USN-3046-1 https://bz.apache.org/ooo/show_bug.cgi?id=127045 https://security.gentoo.org/glsa/201703-01 • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVE-2015-5212 – libreoffice: Integer underflow in PrinterSetup length
https://notcve.org/view.php?id=CVE-2015-5212
Integer underflow in LibreOffice before 4.4.5 and Apache OpenOffice before 4.1.2, when the configuration setting "Load printer settings with the document" is enabled, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via crafted PrinterSetup data in an ODF document. Desbordamiento de entero en LibreOffice en versiones anteriores a 4.4.5 y Apache OpenOffice en versiones anteriores a 4.1.2, cuando está habilitado el ajuste de configuración 'Load printer settings with the document', permite a atacantes remotos causar una denegación de servicio (consumo de memoria y caída de la aplicación) o posiblemente ejecutar código arbitrario a través de datos PrinterSetup manipulados en un documento ODF. An integer underflow flaw leading to a heap-based buffer overflow when parsing PrinterSetup data was discovered. By tricking a user into opening a specially crafted document, an attacker could possibly exploit this flaw to execute arbitrary code with the privileges of the user opening the file. • http://rhn.redhat.com/errata/RHSA-2015-2619.html http://www.debian.org/security/2015/dsa-3394 http://www.libreoffice.org/about-us/security/advisories/cve-2015-5212 http://www.openoffice.org/security/cves/CVE-2015-5212.html http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html http://www.securityfocus.com/bid/77486 http://www.securitytracker.com/id/1034085 http://www.securitytracker.com/id/1034091 http://www.ubuntu.com/usn/USN-2793-1 https://s • CWE-190: Integer Overflow or Wraparound CWE-191: Integer Underflow (Wrap or Wraparound) •
CVE-2015-5214 – libreoffice: Bookmarks in DOC documents are insufficiently checked causing memory corruption
https://notcve.org/view.php?id=CVE-2015-5214
LibreOffice before 4.4.6 and 5.x before 5.0.1 and Apache OpenOffice before 4.1.2 allows remote attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via an index to a non-existent bookmark in a DOC file. LibreOffice en versiones anteriores a 4.4.6 y 5.x en versiones anteriores a 5.0.1 y Apache OpenOffice en versiones anteriores a 4.1.2 permite a atacantes remotos causar una denegación de servicio (corrupción de memoria y caída de la aplicación) o ejecutar código arbitrario a través de un índice a un marcador inexistente en un documento DOC. It was discovered that LibreOffice did not properly sanity check bookmark indexes. By tricking a user into opening a specially crafted document, an attacker could possibly use this flaw to execute arbitrary code with the privileges of the user opening the file. • http://rhn.redhat.com/errata/RHSA-2015-2619.html http://www.debian.org/security/2015/dsa-3394 http://www.libreoffice.org/about-us/security/advisories/cve-2015-5214 http://www.openoffice.org/security/cves/CVE-2015-5214.html http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html http://www.securityfocus.com/bid/77486 http://www.securitytracker.com/id/1034086 http://www.securitytracker.com/id/1034091 http://www.ubuntu.com/usn/USN-2793-1 https://s • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-129: Improper Validation of Array Index •
CVE-2015-4551 – libreoffice: Arbitrary file disclosure in Calc and Writer
https://notcve.org/view.php?id=CVE-2015-4551
LibreOffice before 4.4.5 and Apache OpenOffice before 4.1.2 uses the stored LinkUpdateMode configuration information in OpenDocument Format files and templates when handling links, which might allow remote attackers to obtain sensitive information via a crafted document, which embeds data from local files into (1) Calc or (2) Writer. LibreOffice en versiones anteriores a 4.4.5 y Apache OpenOffice en versiones anteriores a 4.1.2 usa la información de configuración LinkUpdateMode almacenada en archivos OpenDocument Format y plantillas cuando maneja enlaces, lo que podría permitir a atacantes remotos obtener información sensible a través de un documento manipulado, lo que incrusta datos desde archivos locales a (1) Calc o (2) Writer. It was discovered that LibreOffice did not properly restrict automatic link updates. By tricking a victim into opening specially crafted documents, an attacker could possibly use this flaw to disclose contents of files accessible by the victim. • http://rhn.redhat.com/errata/RHSA-2015-2619.html http://www.debian.org/security/2015/dsa-3394 http://www.libreoffice.org/about-us/security/advisories/cve-2015-4551 http://www.openoffice.org/security/cves/CVE-2015-4551.html http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html http://www.securityfocus.com/bid/77486 http://www.securitytracker.com/id/1034085 http://www.securitytracker.com/id/1034091 http://www.ubuntu.com/usn/USN-2793-1 https://s • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-787: Out-of-bounds Write •
CVE-2015-5213 – libreoffice: Integer overflow in DOC files
https://notcve.org/view.php?id=CVE-2015-5213
Integer overflow in LibreOffice before 4.4.5 and Apache OpenOffice before 4.1.2 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a long DOC file, which triggers a buffer overflow. Desbordamiento de entero en LibreOffice en versiones anteriores a 4.4.5 y Apache OpenOffice en versiones anteriores a 4.1.2 permite a atacantes remotos causar una denegación de servicio (consumo de memoria y caída de la aplicación) o posiblemente ejecutar código arbitrario a través de un archivo DOC extenso, lo que desencadena un desbordamiento de buffer. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way LibreOffice processed certain Microsoft Word .doc files. By tricking a user into opening a specially crafted Microsoft Word .doc document, an attacker could possibly use this flaw to execute arbitrary code with the privileges of the user opening the file. • http://rhn.redhat.com/errata/RHSA-2015-2619.html http://www.debian.org/security/2015/dsa-3394 http://www.libreoffice.org/about-us/security/advisories/cve-2015-5213 http://www.openoffice.org/security/cves/CVE-2015-5213.html http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html http://www.securityfocus.com/bid/77486 http://www.securitytracker.com/id/1034085 http://www.securitytracker.com/id/1034091 http://www.ubuntu.com/usn/USN-2793-1 https://s • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •