{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2011-06-16T00:00:00", "descriptions": [{"lang": "en", "value": "Stack-based buffer overflow in the Lotus Word Pro import filter in LibreOffice before 3.3.3 allows remote attackers to execute arbitrary code via a crafted .lwp file."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2011-11-24T10:00:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "openSUSE-SU-2011:1143", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2011-10/msg00019.html"}, {"name": "[oss-security] 20110712 Re: libreoffice/openoffice.org CVE id request", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2011/07/12/13"}, {"name": "MDVSA-2011:172", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:172"}, {"tags": ["x_refsource_MISC"], "url": "http://cgit.freedesktop.org/libreoffice/filters/commit/?id=d93fa011d713100775cd3ac88c468b6830d48877"}, {"name": "VU#953183", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "http://www.kb.cert.org/vuls/id/953183"}, {"tags": ["x_refsource_MISC"], "url": "http://cgit.freedesktop.org/libreoffice/filters/commit/?id=278831e37a23e9e2e29ca811c3a5398b7c67464d"}, {"name": "[oss-security] 20110706 libreoffice/openoffice.org CVE id request", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2011/07/06/13"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2011-2685", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Stack-based buffer overflow in the Lotus Word Pro import filter in LibreOffice before 3.3.3 allows remote attackers to execute arbitrary code via a crafted .lwp file."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "openSUSE-SU-2011:1143", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2011-10/msg00019.html"}, {"name": "[oss-security] 20110712 Re: libreoffice/openoffice.org CVE id request", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2011/07/12/13"}, {"name": "MDVSA-2011:172", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:172"}, {"name": "http://cgit.freedesktop.org/libreoffice/filters/commit/?id=d93fa011d713100775cd3ac88c468b6830d48877", "refsource": "MISC", "url": "http://cgit.freedesktop.org/libreoffice/filters/commit/?id=d93fa011d713100775cd3ac88c468b6830d48877"}, {"name": "VU#953183", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/953183"}, {"name": "http://cgit.freedesktop.org/libreoffice/filters/commit/?id=278831e37a23e9e2e29ca811c3a5398b7c67464d", "refsource": "MISC", "url": "http://cgit.freedesktop.org/libreoffice/filters/commit/?id=278831e37a23e9e2e29ca811c3a5398b7c67464d"}, {"name": "[oss-security] 20110706 libreoffice/openoffice.org CVE id request", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2011/07/06/13"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T23:08:23.771Z"}, "title": "CVE Program Container", "references": [{"name": "openSUSE-SU-2011:1143", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-updates/2011-10/msg00019.html"}, {"name": "[oss-security] 20110712 Re: libreoffice/openoffice.org CVE id request", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2011/07/12/13"}, {"name": "MDVSA-2011:172", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:172"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://cgit.freedesktop.org/libreoffice/filters/commit/?id=d93fa011d713100775cd3ac88c468b6830d48877"}, {"name": "VU#953183", "tags": ["third-party-advisory", "x_refsource_CERT-VN", "x_transferred"], "url": "http://www.kb.cert.org/vuls/id/953183"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://cgit.freedesktop.org/libreoffice/filters/commit/?id=278831e37a23e9e2e29ca811c3a5398b7c67464d"}, {"name": "[oss-security] 20110706 libreoffice/openoffice.org CVE id request", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2011/07/06/13"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-2685", "datePublished": "2011-07-21T23:00:00", "dateReserved": "2011-07-11T00:00:00", "dateUpdated": "2024-08-06T23:08:23.771Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:libreoffice:libreoffice:*:*:*:*:*:*:*:*", "matchCriteriaId": "370513BA-331F-4EF3-87F9-6B839B8B089F", "versionEndIncluding": "3.3.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:libreoffice:libreoffice:3.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "F6EC7F36-4505-425A-858A-7CC7E11FAEEA", "vulnerable": true}, {"criteria": "cpe:2.3:a:libreoffice:libreoffice:3.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "946A4315-09BD-4A88-82ED-F4922CD884CD", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Stack-based buffer overflow in the Lotus Word Pro import filter in LibreOffice before 3.3.3 allows remote attackers to execute arbitrary code via a crafted .lwp file."}, {"lang": "es", "value": "Desbordamiento de b\u00fafer basado en pila en el Lotus Word Pro importaci\u00f3n de filtro en LibreOffice en versiones anteriores a v3.3.3 que permite a atacantes remotos ejecutar c\u00f3digo arbitrario mediante un archivo dise\u00f1ado. Archivo LWP"}], "id": "CVE-2011-2685", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2011-07-21T23:55:03.973", "references": [{"source": "secalert@redhat.com", "tags": ["Patch"], "url": "http://cgit.freedesktop.org/libreoffice/filters/commit/?id=278831e37a23e9e2e29ca811c3a5398b7c67464d"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "http://cgit.freedesktop.org/libreoffice/filters/commit/?id=d93fa011d713100775cd3ac88c468b6830d48877"}, {"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-updates/2011-10/msg00019.html"}, {"source": "secalert@redhat.com", "tags": ["Patch", "US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/953183"}, {"source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:172"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2011/07/06/13"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2011/07/12/13"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://cgit.freedesktop.org/libreoffice/filters/commit/?id=278831e37a23e9e2e29ca811c3a5398b7c67464d"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://cgit.freedesktop.org/libreoffice/filters/commit/?id=d93fa011d713100775cd3ac88c468b6830d48877"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2011-10/msg00019.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/953183"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:172"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2011/07/06/13"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2011/07/12/13"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "filter): Multiple stack buffer overflows when processing certain LWP files (VU#953183)", "id": "720006", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=720006"}, "csaw": false, "cvss": {"cvss_base_score": "6.8", "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "status": "draft"}, "cwe": "CWE-121", "details": ["Stack-based buffer overflow in the Lotus Word Pro import filter in LibreOffice before 3.3.3 allows remote attackers to execute arbitrary code via a crafted .lwp file."], "name": "CVE-2011-2685", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:4", "fix_state": "Not affected", "package_name": "openoffice.org", "product_name": "Red Hat Enterprise Linux 4"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "openoffice.org", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "openoffice.org", "product_name": "Red Hat Enterprise Linux 6"}], "public_date": "2011-06-22T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2011-2685\nhttps://nvd.nist.gov/vuln/detail/CVE-2011-2685"], "statement": "Not vulnerable. This issue did not affect the versions of openoffice.org and openoffice.org2 packages as shipped with Red Hat Enterprise Linux 4, and the versions of openoffice.org packages as shipped with Red Hat Enterprise Linux 5 and 6.", "threat_severity": "Moderate"}