FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

OpenOffice 4.1.1 -- multiple vulnerabilities

Affected packages
apache-openoffice < 4.1.2
apache-openoffice-devel < 4.2.1705368,3

Details

VuXML ID 18b3c61b-83de-11e5-905b-ac9e174be3af
Discovery 2015-11-04
Entry 2015-11-05
Modified 2015-11-05

The Apache OpenOffice Project reports:

A vulnerability in OpenOffice settings of OpenDocument Format files and templates allows silent access to files that are readable from a user account, over-riding the user's default configuration settings. Once these files are imported into a maliciously-crafted document, the data can be silently hidden in the document and possibly exported to an external party without being observed.

The Apache OpenOffice Project reports:

A crafted ODF document can be used to create a buffer that is too small for the amount of data loaded into it, allowing an attacker to cause denial of service (memory corruption and application crash) and possible execution of arbitrary code.

The Apache OpenOffice Project reports:

A crafted Microsoft Word DOC file can be used to specify a document buffer that is too small for the amount of data provided for it. Failure to detect the discrepancy allows an attacker to cause denial of service (memory corruption and application crash) and possible execution of arbitrary code.

The Apache OpenOffice Project reports:

A crafted Microsoft Word DOC can contain invalid bookmark positions leading to memory corruption when the document is loaded or bookmarks are manipulated. The defect allows an attacker to cause denial of service (memory corruption and application crash) and possible execution of arbitrary code.

References

CVE Name CVE-2015-4551
CVE Name CVE-2015-5212
CVE Name CVE-2015-5213
CVE Name CVE-2015-5214
URL http://www.openoffice.org/security/cves/CVE-2015-4551.html
URL http://www.openoffice.org/security/cves/CVE-2015-5212.html
URL http://www.openoffice.org/security/cves/CVE-2015-5213.html
URL http://www.openoffice.org/security/cves/CVE-2015-5214.html