CVE-2015-5212 — MEDIUM (6.8)

Q: How severe is CVE-2015-5212?

CVE-2015-5212 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2015-5212?

Check the references section above for vendor advisories and patch information. Affected products include: Libreoffice Libreoffice, Apache Openoffice, Canonical Ubuntu Linux, Debian Debian Linux.

Vulnerability Description

Integer underflow in LibreOffice before 4.4.5 and Apache OpenOffice before 4.1.2, when the configuration setting "Load printer settings with the document" is enabled, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via crafted PrinterSetup data in an ODF document.

CVSS Score

6.8

MEDIUM

AV:N/AC:M/Au:N/C:P/I:P/A:P

Confidentiality

PARTIAL

Integrity

PARTIAL

Availability

PARTIAL

Affected Products

Vendor	Product	Versions
Libreoffice	Libreoffice	<= 4.4.4
Apache	Openoffice	<= 4.1.1
Canonical	Ubuntu Linux	12.04
Debian	Debian Linux	7.0

Related Weaknesses (CWE)

CWE-191

References

http://rhn.redhat.com/errata/RHSA-2015-2619.htmlThird Party Advisory
http://www.debian.org/security/2015/dsa-3394Third Party Advisory
http://www.libreoffice.org/about-us/security/advisories/cve-2015-5212/Vendor Advisory
http://www.openoffice.org/security/cves/CVE-2015-5212.htmlVendor Advisory
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.hThird Party Advisory
http://www.securityfocus.com/bid/77486Broken LinkThird Party AdvisoryVDB Entry
http://www.securitytracker.com/id/1034085Third Party AdvisoryVDB Entry
http://www.securitytracker.com/id/1034091Third Party AdvisoryVDB Entry
http://www.ubuntu.com/usn/USN-2793-1Third Party Advisory
https://security.gentoo.org/glsa/201603-05Third Party Advisory
https://security.gentoo.org/glsa/201611-03Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-2619.htmlThird Party Advisory
http://www.debian.org/security/2015/dsa-3394Third Party Advisory
http://www.libreoffice.org/about-us/security/advisories/cve-2015-5212/Vendor Advisory
http://www.openoffice.org/security/cves/CVE-2015-5212.htmlVendor Advisory

FAQ

What is CVE-2015-5212?

CVE-2015-5212 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Integer underflow in LibreOffice before 4.4.5 and Apache OpenOffice before 4.1.2, when the configuration setting "Load printer settings with the document" is enabled, allows remote attackers to cause ...

How severe is CVE-2015-5212?

CVE-2015-5212 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2015-5212?

Check the references section above for vendor advisories and patch information. Affected products include: Libreoffice Libreoffice, Apache Openoffice, Canonical Ubuntu Linux, Debian Debian Linux.