CVE-2011-2713: Buffer Overflow
First published: Tue Jul 26 2011(Updated: )
A heap-based buffer out-ouf-bounds read was found in the way OpenOffice.org imported certain Microsoft Word Binary File Format (.DOC) file.If a user opened a specially-crafted DOC file in OpenOffice.org suite tool (oowriter), it could lead to denial of service (oowriter executable crash), or possibly, execute arbitrary code with the privileges of the user running OpenOffice.org Writer. This has been assigned <a href="https://access.redhat.com/security/cve/CVE-2011-2713">CVE-2011-2713</a>.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| LibreOffice Draw | <=3.4.2 | |
| LibreOffice Draw | =3.3.0 | |
| LibreOffice Draw | =3.3.1 | |
| LibreOffice Draw | =3.3.2 | |
| LibreOffice Draw | =3.3.3 | |
| LibreOffice Draw | =3.3.4 | |
| LibreOffice Draw | =3.4.0 | |
| LibreOffice Draw | =3.4.1 | |
| Apache OpenOffice | =3.3.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.securitytracker.com/id?1026145
- http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068160.html
- https://bugzilla.redhat.com/show_bug.cgi?id=725668
- http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068198.html
- http://www.securityfocus.com/bid/49969
- http://www.libreoffice.org/advisories/CVE-2011-2713/
- http://www.debian.org/security/2011/dsa-2315
- http://lists.opensuse.org/opensuse-updates/2011-10/msg00019.html
- http://osvdb.org/76178
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:172
- http://security.gentoo.org/glsa/glsa-201209-05.xml
- http://secunia.com/advisories/50692
- http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml
- http://secunia.com/advisories/60799
- https://access.redhat.com/security/cve/CVE-2011-2713
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=515212&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=515212&action=edit
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=515213&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=515213&action=edit
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=515214&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=515214&action=edit
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=515215&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=515215&action=edit
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=515216&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=515216&action=edit
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=523579&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=523579&action=edit
- https://access.redhat.com/security/cve/CVE-2010-3452
Frequently Asked Questions
What is the severity of CVE-2011-2713?
CVE-2011-2713 has a moderate severity level, primarily causing denial of service through application crashes.
How do I fix CVE-2011-2713?
To mitigate CVE-2011-2713, users should upgrade to a patched version of OpenOffice.org or LibreOffice that addresses this vulnerability.
Which versions of software are affected by CVE-2011-2713?
CVE-2011-2713 affects Apache OpenOffice 3.3.0 and various versions of LibreOffice leading up to 3.4.2.
What types of attacks can exploit CVE-2011-2713?
CVE-2011-2713 can be exploited by opening specially-crafted Microsoft Word .DOC files, potentially crashing the application.
Is CVE-2011-2713 still a risk for users today?
While CVE-2011-2713 is an older vulnerability, it remains a risk for users running the affected versions of the software.
- agent/references
- agent/type
- agent/remedy
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2011-2713
- agent/last-modified-date
- agent/author
- agent/severity
- agent/weakness
- agent/description
- agent/event
- agent/trending
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/libreoffice
- canonical/libreoffice draw
- version/libreoffice draw/3.4.2
- version/libreoffice draw/3.3.0
- version/libreoffice draw/3.3.1
- version/libreoffice draw/3.3.2
- version/libreoffice draw/3.3.3
- version/libreoffice draw/3.3.4
- version/libreoffice draw/3.4.0
- version/libreoffice draw/3.4.1
- vendor/sun
- canonical/apache openoffice
- version/apache openoffice/3.3.0