CVE-2014-3524
https://notcve.org/view.php?id=CVE-2014-3524
Apache OpenOffice before 4.1.1 allows remote attackers to execute arbitrary commands and possibly have other unspecified impact via a crafted Calc spreadsheet. Apache OpenOffice anterior a 4.1.1 permite a atacantes remotos ejecutar comandos arbitrarios y posiblemente tener otro impacto no especificado a través de una hoja de cálculo Calc manipulada. • http://blog.documentfoundation.org/2014/08/28/libreoffice-4-3-1-fresh-announced http://secunia.com/advisories/59600 http://secunia.com/advisories/59877 http://secunia.com/advisories/60235 http://www.openoffice.org/security/cves/CVE-2014-3524.html http://www.securityfocus.com/archive/1/533200/100/0/threaded http://www.securityfocus.com/bid/69351 http://www.securitytracker.com/id/1030755 https://exchange.xforce.ibmcloud.com/vulnerabilities/95421 https://security.gentoo.org/glsa/2016 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVE-2012-4233 – LibreOffice Suite 3.5.5.3 Denial Of Service
https://notcve.org/view.php?id=CVE-2012-4233
LibreOffice 3.5.x before 3.5.7.2 and 3.6.x before 3.6.1, and OpenOffice.org (OOo), allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted (1) odt file to vcllo.dll, (2) ODG (Drawing document) file to svxcorelo.dll, (3) PolyPolygon record in a .wmf (Window Meta File) file embedded in a ppt (PowerPoint) file to tllo.dll, or (4) xls (Excel) file to scfiltlo.dll. LibreOffice v3.5.x antes de v3.5.7.2 y v3.6.x antes de v3.6.1, y OpenOffice.org (OOo), permite a atacantes remotos provocar una denegación de servicio (desreferencia puntero NULL) a través de un archivo manipulado(1) odt a vcllo.dll, (2) .ODG (documento de dibujo) a svxcorelo.dll, (3) un registro PolyPolygon en un archivo.wmf (Window Meta File) incrustado en un archivo ppt (PowerPoint) a tllo.dll o (4) un archivo xls (Excel) a scfiltlo.dll. • http://cgit.freedesktop.org/libreoffice/binfilter/commit/?h=libreoffice-3-5-7&id=7e22ee55ffc9743692f3ddb93e59dd4427029c5b http://cgit.freedesktop.org/libreoffice/core/commit/?h=libreoffice-3-5-7&id=44bc6b5cac723b52df40fbef026e99b7119d8a69 http://cgit.freedesktop.org/libreoffice/core/commit/?h=libreoffice-3-5-7&id=6789ec4c1a9c6af84bd62e650a03226a46365d97 http://cgit.freedesktop.org/libreoffice/core/commit/?h=libreoffice-3-5-7&id=8ca9fb05c9967f11670d045886438ddfa3ac02a7 http://lists.opensuse.org/opensuse-updates/2012-11/msg00039.html http: •
CVE-2012-2665 – libreoffice: Multiple heap-based buffer overflows in the XML manifest encryption handling code
https://notcve.org/view.php?id=CVE-2012-2665
Multiple heap-based buffer overflows in the XML manifest encryption tag parsing functionality in OpenOffice.org and LibreOffice before 3.5.5 allow remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted Open Document Text (.odt) file with (1) a child tag within an incorrect parent tag, (2) duplicate tags, or (3) a Base64 ChecksumAttribute whose length is not evenly divisible by four. Múltiples desbordamientos de bufer basado en en la funcionalidad de cifrado de manifiesto XML en la etiqueta en OpenOffice.org y LibreOffice anterior a v3.5.5 permite a atacantes remotos causar una denegación de servicio y posiblemente ejecutar código arbitrario a través de un Documento de texto diseñado (. Odt) con el archivo(1) una etiqueta de niño dentro de una etiqueta principal incorrecta, (2) duplicar los tags, o (3) un ChecksumAttribute Base64 cuya longitud no es divisible por cuatro. • http://rhn.redhat.com/errata/RHSA-2012-1135.html http://secunia.com/advisories/50142 http://secunia.com/advisories/50146 http://secunia.com/advisories/50692 http://secunia.com/advisories/60799 http://security.gentoo.org/glsa/glsa-201209-05.xml http://www.debian.org/security/2012/dsa-2520 http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml http://www.libreoffice.org/about-us/security/advisories/cve-2012-2665 http://www.pre-cert.de/advisories/PRE-SA-2012-05 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVE-2012-2334 – libreoffice: Integer overflow leading to buffer overflow by processing invalid Escher graphics records length in the Powerpoint documents
https://notcve.org/view.php?id=CVE-2012-2334
Integer overflow in filter/source/msfilter/msdffimp.cxx in OpenOffice.org (OOo) 3.3, 3.4 Beta, and possibly earlier, and LibreOffice before 3.5.3, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the length of an Escher graphics record in a PowerPoint (.ppt) document, which triggers a buffer overflow. Desbordamiento de entero en filter/source/msfilter/msdffimp.cxx en OpenOffice.org (OOo) v3.3, v3.4 Beta, y posiblemente anteriores, y LibreOffice antes de v3.5.3, permite a atacantes remotos causar una denegación de servicio (caída) y posiblemente ejecutar código arbitrario a través de la longitud de un registro de gráficos Escher en una presentación de PowerPoint (.ppt), que provoca un desbordamiento de búfer. • http://archives.neohapsis.com/archives/bugtraq/2012-05/0091.html http://cgit.freedesktop.org/libreoffice/core/commit/?id=28a6558f9d3ca2dda3191f8b5b3f2378ee2533da http://cgit.freedesktop.org/libreoffice/core/commit/?id=512401decb286ba0fc3031939b8f7de8649c502e http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082168.html http://rhn.redhat.com/errata/RHSA-2012-0705.html http://secunia.com/advisories/46992 http://secunia.com/advisories/47244 http://secunia.com/advisories/49373 http://secunia.com • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-189: Numeric Errors •
CVE-2012-1149 – libreoffice: Integer overflows, leading to heap-buffer overflows in JPEG, PNG and BMP reader implementations
https://notcve.org/view.php?id=CVE-2012-1149
Integer overflow in the vclmi.dll module in OpenOffice.org (OOo) 3.3, 3.4 Beta, and possibly earlier, and LibreOffice before 3.5.3, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted embedded image object, as demonstrated by a JPEG image in a .DOC file, which triggers a heap-based buffer overflow. Un desbordamiento de entero en el módulo de vclmi.dll en OpenOffice.org (OOo) v3.3, v3.4 Beta, y posiblemente en versiones anteriores, y LibreOffice antes de v3.5.3, permite a atacantes remotos causar una denegación de servicio (caída de la aplicación) y posiblemente ejecutar código de su elección a través de un objeto de imagen especificamente modificado para este fin incrustado en el documento, tal y como lo demuestra una imagen JPEG en un archivo .DOC, que provoca un desbordamiento de búfer basado en memoria dinámica (heap). • http://archives.neohapsis.com/archives/bugtraq/2012-05/0089.html http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082168.html http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081319.html http://rhn.redhat.com/errata/RHSA-2012-0705.html http://secunia.com/advisories/46992 http://secunia.com/advisories/47244 http://secunia.com/advisories/49140 http://secunia.com/advisories/49373 http://secunia.com/advisories/49392 http://secunia.com/advisories/50692 h • CWE-122: Heap-based Buffer Overflow CWE-189: Numeric Errors •