Redland Raptor (aka libraptor) before 2.0.7, as used by OpenOffice 3.3 and 3.4 Beta, LibreOffice before 3.4.6 and 3.5.x before 3.5.1, and other products, allows user-assisted remote attackers to read arbitrary files via a crafted XML external entity (XXE) declaration and reference in an RDF document.
References
Link Providers
http://blog.documentfoundation.org/2012/03/22/tdf-announces-libreoffice-3-4-6/ cve-icon cve-icon
http://librdf.org/raptor/RELEASE.html#rel2_0_7 cve-icon cve-icon
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077708.html cve-icon cve-icon
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078242.html cve-icon cve-icon
http://rhn.redhat.com/errata/RHSA-2012-0410.html cve-icon cve-icon
http://rhn.redhat.com/errata/RHSA-2012-0411.html cve-icon cve-icon
http://secunia.com/advisories/48479 cve-icon cve-icon
http://secunia.com/advisories/48493 cve-icon cve-icon
http://secunia.com/advisories/48494 cve-icon cve-icon
http://secunia.com/advisories/48526 cve-icon cve-icon
http://secunia.com/advisories/48529 cve-icon cve-icon
http://secunia.com/advisories/48542 cve-icon cve-icon
http://secunia.com/advisories/48649 cve-icon cve-icon
http://secunia.com/advisories/50692 cve-icon cve-icon
http://secunia.com/advisories/60799 cve-icon cve-icon
http://security.gentoo.org/glsa/glsa-201209-05.xml cve-icon cve-icon
http://vsecurity.com/resources/advisory/20120324-1/ cve-icon cve-icon cve-icon
http://www.debian.org/security/2012/dsa-2438 cve-icon cve-icon
http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml cve-icon cve-icon
http://www.libreoffice.org/advisories/CVE-2012-0037/ cve-icon cve-icon cve-icon
http://www.mandriva.com/security/advisories?name=MDVSA-2012:061 cve-icon cve-icon
http://www.mandriva.com/security/advisories?name=MDVSA-2012:062 cve-icon cve-icon
http://www.mandriva.com/security/advisories?name=MDVSA-2012:063 cve-icon cve-icon
http://www.openoffice.org/security/cves/CVE-2012-0037.html cve-icon cve-icon cve-icon
http://www.openwall.com/lists/oss-security/2012/03/27/4 cve-icon cve-icon
http://www.osvdb.org/80307 cve-icon cve-icon
http://www.securityfocus.com/bid/52681 cve-icon cve-icon
http://www.securitytracker.com/id?1026837 cve-icon cve-icon
https://exchange.xforce.ibmcloud.com/vulnerabilities/74235 cve-icon cve-icon
https://github.com/dajobe/raptor/commit/a676f235309a59d4aa78eeffd2574ae5d341fcb0 cve-icon cve-icon
https://lists.apache.org/thread.html/re0504f08000df786e51795940501e81a5d0ae981ecca68141e87ece0%40%3Ccommits.openoffice.apache.org%3E cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2012-0037 cve-icon
https://www.cve.org/CVERecord?id=CVE-2012-0037 cve-icon
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2012-06-17T01:00:00

Updated: 2024-08-06T18:09:17.171Z

Reserved: 2011-12-07T00:00:00

Link: CVE-2012-0037

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2012-06-17T03:41:40.107

Modified: 2024-11-21T01:34:15.673

Link: CVE-2012-0037

cve-icon Redhat

Severity : Important

Publid Date: 2012-03-22T00:00:00Z

Links: CVE-2012-0037 - Bugzilla