Mandriva Linux Security Advisory : libreoffice (MDVSA-2012:091)

This script is Copyright (C) 2012-2016 Tenable Network Security, Inc.

Synopsis :

The remote Mandriva Linux host is missing one or more security

Description :

Security issues were identified and fixed in libreoffice :

An integer overflow vulnerability in the libreoffice graphic loading
code could allow a remote attacker to cause a denial of service
(application crash) or potentially execute arbitrary code

An integer overflow flaw, leading to buffer overflow, was found in the
way libreoffice processed invalid Escher graphics records length in
PowerPoint documents. An attacker could provide a specially crafted
PowerPoint document that, when opened, would cause libreoffice to
crash or, potentially, execute arbitrary code with the privileges of
the user running libreoffice (CVE-2012-2334).

libreoffice for Mandriva Linux 2011 has been upgraded to the 3.5.4
version which is not vulnerable to these issues.

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.5
CVSS Temporal Score : 6.5
Public Exploit Available : false

Family: Mandriva Local Security Checks

Nessus Plugin ID: 61955 ()

Bugtraq ID: 53570

CVE ID: CVE-2012-1149

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now