Multiple heap-based buffer overflow vulnerability in the XML manifest encryption tag parsing functionality in OpenOffice.org and LibreOffice (Mac OS X)| ID: oval:org.secpod.oval:def:7162 | Date: (C)2012-10-04 (M)2023-12-02 |
| Class: VULNERABILITY | Family: macos |
The host is installed with OpenOffice.org less than or equal to 3.4 or LibreOffice before 3.5.5 and is prone to multiple heap based buffer overflow vulnerabilities. The flaws are present in the applications, which fail to handle a crafted Open Document Text (.odt) file with (1) a child tag within an incorrect parent tag, duplicate tags, or a Base64 ChecksumAttribute whose length is not evenly divisible by four. Successful exploitation could allow attackers to crash the service or execute arbitrary code.
| Platform: |
| Apple Mac OS 14 |
| Apple Mac OS 13 |
| Apple Mac OS 12 |
| Apple Mac OS 11 |
| Apple Mac OS X 10.15 |
| Apple Mac OS X 10.14 |
| Apple Mac OS X 10.13 |
| Apple Mac OS X 10.8 |
| Apple Mac OS X 10.9 |
| Apple Mac OS X 10.10 |
| Apple Mac OS X 10.11 |
| Apple Mac OS X 10.12 |
| Apple Mac OS X Server 10.8 |
| Apple Mac OS X Server 10.9 |
| Apple Mac OS X Server 10.10 |
| Apple Mac OS X Server 10.11 |
| Apple Mac OS X Server 10.12 |
| Product: |
| LibreOffice |
| OpenOffice.org |
