Red Hat Bugzilla – Bug 988834
CVE-2013-2189 openoffice.org, libreoffice: Memory corruption when parsing invalid PLCF data by processing certain DOC files
Last modified: 2015-07-31 06:59:14 EDT
A security flaw was found in the way Apache OpenOffice and LibreOffice, office productivity suites, previously used to handle certain, invalid PLCF (Plex of Character Positions in File) elements when parsing selected Microsoft Office Word (DOC) format documents. A remote attacker could provide a specially-crafted DOC format file that, when processed in some application from the Apache OpenOffice or LibreOffice suites would lead to that application crash or, potentially, arbitrary code execution with the privileges of the user running the application.
This issue affects the version of the openoffice.org package, as shipped with Red Hat Enterprise Linux 5.
This issue did not affect the version of the libreoffice package, as shipped with Red Hat Enterprise Linux 6.
This issue did not affect the versions of the libreoffice package, as shipped with Fedora release of 18 and 19.
We do not consider a denial of service flaw in a client application such as OpenOffice to be a security issue.