Document Foundation Mail Archive › Discuss

security-related information, CVE-2012-2665 Multiple heap-based buffer overflows in the XML manifest encryption handling code

Classic

List

Threaded

1 message

Caolán McNamara

security-related information, CVE-2012-2665 Multiple heap-based buffer overflows in the XML manifest encryption handling code

https://www.libreoffice.org/advisories/

CVE-2012-2665 Multiple heap-based buffer overflows in the XML manifest
encryption handling code

Multiple heap-based buffer overflow flaws were found in the XML
manifest encryption tag parsing code of LibreOffice. An attacker could
create a specially-crafted file in the Open Document Format for Office
Applications (ODF) format which when opened could cause arbitrary code
execution.

Thanks to Timo Warns of PRE-CERT for reporting this flaw. Users are
recommended to upgrade to 3.5.5 to avoid this flaw

C.

--
Unsubscribe instructions: E-mail to [hidden email]
Problems? http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/
Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette
List archive: http://listarchives.documentfoundation.org/www/discuss/
All messages sent to this list will be publicly archived and cannot be deleted