Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2015-5212

Опубликовано: 04 нояб. 2015
Источник: redhat
CVSS2: 5.8
EPSS Средний

Описание

Integer underflow in LibreOffice before 4.4.5 and Apache OpenOffice before 4.1.2, when the configuration setting "Load printer settings with the document" is enabled, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via crafted PrinterSetup data in an ODF document.

An integer underflow flaw leading to a heap-based buffer overflow when parsing PrinterSetup data was discovered. By tricking a user into opening a specially crafted document, an attacker could possibly exploit this flaw to execute arbitrary code with the privileges of the user opening the file.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5openoffice.orgWill not fix
Red Hat Enterprise Linux 6libreofficeFixedRHSA-2015:261914.12.2015
Red Hat Enterprise Linux 7libreofficeFixedRHSA-2015:261914.12.2015

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-190
https://bugzilla.redhat.com/show_bug.cgi?id=1278820libreoffice: Integer underflow in PrinterSetup length

EPSS

Процентиль: 97%
0.44545
Средний

5.8 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2015-5212

ubuntu
почти 10 лет назад

Integer underflow in LibreOffice before 4.4.5 and Apache OpenOffice before 4.1.2, when the configuration setting "Load printer settings with the document" is enabled, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via crafted PrinterSetup data in an ODF document.

nvd логотип

CVE-2015-5212

nvd
почти 10 лет назад

Integer underflow in LibreOffice before 4.4.5 and Apache OpenOffice before 4.1.2, when the configuration setting "Load printer settings with the document" is enabled, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via crafted PrinterSetup data in an ODF document.

debian логотип

CVE-2015-5212

debian
почти 10 лет назад

Integer underflow in LibreOffice before 4.4.5 and Apache OpenOffice be ...

github логотип

GHSA-3m69-8mpc-r6h3

github
больше 3 лет назад

Integer underflow in LibreOffice before 4.4.5 and Apache OpenOffice before 4.1.2, when the configuration setting "Load printer settings with the document" is enabled, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via crafted PrinterSetup data in an ODF document.

fstec логотип

BDU:2015-12101

CVSS3: 7.8
fstec
почти 10 лет назад

Уязвимость операционных систем Debian GNU/Linux, Ubuntu, пакетов офисных программ LibreOffice и Apache OpenOffice, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код

EPSS

Процентиль: 97%
0.44545
Средний

5.8 Medium

CVSS2