CVE-2015-5212

Integer underflow in LibreOffice before 4.4.5 and Apache OpenOffice before 4.1.2, when the configuration setting Load printer settings with the document is enabled, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via crafted PrinterSetup data in an ODF document.

Weakness

The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result.

Affected Software

Name	Vendor	Start Version	End Version
Libreoffice	Libreoffice	*	4.4.4 (including)
Libreoffice	Ubuntu	precise	*
Libreoffice	Ubuntu	trusty	*
Libreoffice	Ubuntu	vivid	*
Red Hat Enterprise Linux 6	RedHat	libreoffice-1:4.2.8.2-11.el6_7.1	*
Red Hat Enterprise Linux 7	RedHat	libreoffice-1:4.3.7.2-5.el7_2.1	*

References

http://rhn.redhat.com/errata/RHSA-2015-2619.html
http://www.debian.org/security/2015/dsa-3394
http://www.libreoffice.org/about-us/security/advisories/cve-2015-5212/
http://www.openoffice.org/security/cves/CVE-2015-5212.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
http://www.securityfocus.com/bid/77486
http://www.securitytracker.com/id/1034085
http://www.securitytracker.com/id/1034091
http://www.ubuntu.com/usn/USN-2793-1
https://security.gentoo.org/glsa/201603-05
https://security.gentoo.org/glsa/201611-03

NVD	https://nvd.nist.gov/vuln/detail/CVE-2015-5212
CWE	https://cwe.mitre.org/data/definitions/191.html

Integer Underflow (Wrap or Wraparound)

Weakness

Affected Software

References