Bug 725668 (CVE-2011-2713)
Summary: | CVE-2011-2713 openoffice.org: Out-of-bounds read in DOC sprm parser
---|---
Product: | [Other] Security Response
Component: | vulnerability
Reporter: | Huzaifa S. Sidhpurwala <huzaifas>
Assignee: | Red Hat Product Security <security-response-team>
CC: | caolanm, security-response-team
Status: | CLOSED NOTABUG
Severity: | medium
Priority: | medium
Version: | unspecified
Keywords: | Security
Hardware: | All
OS: | Linux
Doc Type: | Bug Fix
Last Closed: | 2011-10-05 10:41:16 UTC
Bug Blocks: | 725683
Description
Huzaifa S. Sidhpurwala
2011-07-26 08:48:45 UTC
Created attachment 515212: patch1
Created attachment 515213: patch2
Created attachment 515214: patch3
Created attachment 515215: patch4
Created attachment 515216: patch5
Created attachment 523579: combined backport to OpenOffice.org 3.2.1
This is public via: http://www.libreoffice.org/advisories/CVE-2011-2713/

It initially appeared that this flaw may be exploitable similar to CVE-2010-3452, where an OOB read caused arbitrary code execution. However, in the case of this particular flaw, the junk data read is just parsed into an internal representation of properties, and the maximum harm this should cause is an application crash (denial of service).

Timeline:
- Reported to securityteam on 25-July-2011
- Received a reply (with tdf-security.org copied) on the same date
- Release date changed with a few delays in between
- Release on 5-Oct-2011

Statement:
This issue results in an OOB read which is not exploitable for arbitrary code execution and can simply cause a crash. We do not consider this as a security issue.

Acknowledgements:
This issue was discovered by Huzaifa Sidhpurwala of the Red Hat Security Response Team.