Integer Overflow or Wraparound Affecting broffice.org-brand package, versions <1:3.2.1-19.6.el6_2.7


Severity

Recommended
high

Based on Red Hat Enterprise Linux security rating.

Threat Intelligence

EPSS
3.07% (91st percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-RHEL6-BROFFICEORGBRAND-1439364
  • published26 Jul 2021
  • disclosed16 May 2012

Introduced: 16 May 2012

CVE-2012-2334  (opens in a new tab)
CWE-190  (opens in a new tab)
CWE-119  (opens in a new tab)

How to fix?

Upgrade RHEL:6 broffice.org-brand to version 1:3.2.1-19.6.el6_2.7 or higher.
This issue was patched in RHSA-2012:0705.

NVD Description

Note: Versions mentioned in the description apply only to the upstream broffice.org-brand package and not the broffice.org-brand package as distributed by RHEL. See How to fix? for RHEL:6 relevant fixed versions and status.

Integer overflow in filter/source/msfilter/msdffimp.cxx in OpenOffice.org (OOo) 3.3, 3.4 Beta, and possibly earlier, and LibreOffice before 3.5.3, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the length of an Escher graphics record in a PowerPoint (.ppt) document, which triggers a buffer overflow.

CVSS Scores

version 3.1