CVSS: 9.8EPSS: 19%CPEs: 14EXPL: 0CVE-2012-1149 – libreoffice: Integer overflows, leading to heap-buffer overflows in JPEG, PNG and BMP reader implementations
https://notcve.org/view.php?id=CVE-2012-1149
21 Jun 2012 — Integer overflow in the vclmi.dll module in OpenOffice.org (OOo) 3.3, 3.4 Beta, and possibly earlier, and LibreOffice before 3.5.3, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted embedded image object, as demonstrated by a JPEG image in a .DOC file, which triggers a heap-based buffer overflow. Un desbordamiento de entero en el módulo de vclmi.dll en OpenOffice.org (OOo) v3.3, v3.4 Beta, y posiblemente en versiones anteriores, y Libr... • http://archives.neohapsis.com/archives/bugtraq/2012-05/0089.html • CWE-122: Heap-based Buffer Overflow CWE-189: Numeric Errors •
CVSS: 8.8EPSS: 25%CPEs: 5EXPL: 2CVE-2012-2149 – libwpd: Memory overwrite flaw by processing certain WordPerfect (WPD) documents
https://notcve.org/view.php?id=CVE-2012-2149
21 Jun 2012 — The WPXContentListener::_closeTableRow function in WPXContentListener.cpp in libwpd 0.8.8, as used by OpenOffice.org (OOo) before 3.4, allows remote attackers to execute arbitrary code via a crafted Wordperfect .WPD document that causes a negative array index to be used. NOTE: some sources report this issue as an integer overflow. La función WPXContentListener::_closeTableRow en WPXContentListener.cpp en libwpd v0.8.8, tal y como es usado por OpenOffice.org (OOo) antes de v3.4, permite a atacantes remotos e... • http://archives.neohapsis.com/archives/bugtraq/2012-05/0090.html • CWE-189: Numeric Errors •
CVSS: 9.8EPSS: 4%CPEs: 13EXPL: 2CVE-2012-2334 – libreoffice: Integer overflow leading to buffer overflow by processing invalid Escher graphics records length in the Powerpoint documents
https://notcve.org/view.php?id=CVE-2012-2334
19 Jun 2012 — Integer overflow in filter/source/msfilter/msdffimp.cxx in OpenOffice.org (OOo) 3.3, 3.4 Beta, and possibly earlier, and LibreOffice before 3.5.3, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the length of an Escher graphics record in a PowerPoint (.ppt) document, which triggers a buffer overflow. Desbordamiento de entero en filter/source/msfilter/msdffimp.cxx en OpenOffice.org (OOo) v3.3, v3.4 Beta, y posiblemente anteriores, y LibreOffice antes de v3... • http://archives.neohapsis.com/archives/bugtraq/2012-05/0091.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-189: Numeric Errors •
CVSS: 5.5EPSS: 4%CPEs: 9EXPL: 0CVE-2011-2713 – Gentoo Linux Security Advisory 201408-19
https://notcve.org/view.php?id=CVE-2011-2713
21 Oct 2011 — oowriter in OpenOffice.org 3.3.0 and LibreOffice before 3.4.3 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted DOC file that triggers an out-of-bounds read in the DOC sprm parser. oowriter en OpenOffice.org v3.3.0 y LibreOffice anterior a v3.4.3 permite a atacantes remotos asistidos por un usuario pueden provocar una denegación de servicio (caída) mediante un archivo DOC manipulado que provoca una lectura fuera del límite analizador sintáctico de DOC sprm. Multiple vu... • http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068160.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 17%CPEs: 2EXPL: 0CVE-2010-2935 – OpenOffice.Org: Integer truncation error by parsing specially-crafted Microsoft PowerPoint document
https://notcve.org/view.php?id=CVE-2010-2935
25 Aug 2010 — simpress.bin in the Impress module in OpenOffice.org (OOo) 2.x and 3.x before 3.3 does not properly handle integer values associated with dictionary property items, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PowerPoint document that triggers a heap-based buffer overflow, related to an "integer truncation error." simpress.bin en el módulo Impress en OpenOffice.org (OOo) v3.2.1 sobre Windows, no maneja adecuadamente los valor... • http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html • CWE-189: Numeric Errors •
CVSS: 9.3EPSS: 22%CPEs: 2EXPL: 0CVE-2010-2936 – OpenOffice.org: Heap-based buffer overflow by parsing specially-crafted Microsoft PowerPoint document
https://notcve.org/view.php?id=CVE-2010-2936
25 Aug 2010 — Integer overflow in simpress.bin in the Impress module in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted polygons in a PowerPoint document that triggers a heap-based buffer overflow. Desbordamiento de entero en simpress.bin en el módulo Impress en OpenOffice.org (OOo) v3.2.1 sobre Windows, permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) o posiblemente, la... • http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html • CWE-122: Heap-based Buffer Overflow CWE-189: Numeric Errors •
CVSS: 9.3EPSS: 32%CPEs: 13EXPL: 0CVE-2009-2139
https://notcve.org/view.php?id=CVE-2009-2139
08 Sep 2009 — Heap-based buffer overflow in svtools/source/filter.vcl/wmf/enhwmf.cxx in Go-oo 2.x and 3.x before 3.0.1, previously named ooo-build and related to OpenOffice.org (OOo), allows remote attackers to execute arbitrary code via a crafted EMF file, a similar issue to CVE-2008-2238. Hay un desbordamiento de búfer en la región heap de la memoria en svtools/source/filter.vcl/wmf/enhwmf.cxx en Go-oo versiones 2.xy 3.x anterior a 3.0.1, anteriormente ooo-build y relacionado con OpenOffice.org (OOo), permite a los ata... • http://cgit.freedesktop.org/ooo-build/ooo-build/commit/?id=49b4e38571912a7d28c4044e5b2bd57e51c77d55 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 18%CPEs: 59EXPL: 0CVE-2009-0200 – OpenOffice.org Word document Integer Underflow
https://notcve.org/view.php?id=CVE-2009-0200
02 Sep 2009 — Integer underflow in OpenOffice.org (OOo) before 3.1.1 and StarOffice/StarSuite 7, 8, and 9 might allow remote attackers to execute arbitrary code via crafted records in the document table of a Word document, leading to a heap-based buffer overflow. Desbordamiento de entero en en OpenOffice.org (OOo)anteriores v3.1.1 permite a atacantes remotos ejecutar código de su elección a través de registros manipulados en la tabla de documentos de un documento Word, desencadenando un desbordamiento basado en pila. Mul... • http://development.openoffice.org/releases/3.1.1.html • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •
CVSS: 9.3EPSS: 20%CPEs: 17EXPL: 0CVE-2009-0201 – OpenOffice.org Word document buffer overflow
https://notcve.org/view.php?id=CVE-2009-0201
02 Sep 2009 — Heap-based buffer overflow in OpenOffice.org (OOo) before 3.1.1 and StarOffice/StarSuite 7, 8, and 9 might allow remote attackers to execute arbitrary code via unspecified records in a crafted Word document, related to "table parsing." Desbordamiento de búfer basado en memoria dinámica en OpenOffice.org (OOo) en versiones anteriores a la 3.1.1 puede permitir atacantes remotos ejecutar código de su elección mediante registros no especificados en un documento de Word manipulado, en relación con "table parsing... • http://development.openoffice.org/releases/3.1.1.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.5EPSS: 0%CPEs: 38EXPL: 0CVE-2009-2416 – mingw32-libxml2: Pointer use-after-free flaws by parsing Notation and Enumeration attribute types
https://notcve.org/view.php?id=CVE-2009-2416
11 Aug 2009 — Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent attackers to cause a denial of service (application crash) via crafted (1) Notation or (2) Enumeration attribute types in an XML file, as demonstrated by the Codenomicon XML fuzzing framework. Múltiples vulnerabilidades de uso anterior a la liberación en libxml2 v2.5.10, v2.6.16, v2.6.26, v2.6.27, y v2.6.32, y libxml v1.8.17, permite a atacantes dependientes de contexto p... • http://googlechromereleases.blogspot.com/2009/08/stable-update-security-fixes.html • CWE-416: Use After Free •