CVE-2012-0037

Published: Jun 17, 2012Modified: Apr 29, 2026

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

Redland Raptor (aka libraptor) before 2.0.7, as used by OpenOffice 3.3 and 3.4 Beta, LibreOffice before 3.4.6 and 3.5.x before 3.5.1, and other products, allows user-assisted remote attackers to read arbitrary files via a crafted XML external entity (XXE) declaration and reference in an RDF document.

Affected (19)

Products: Librdf: Raptor · Libreoffice: Libreoffice · Apache: Openoffice · +3 more

Show all products

Librdf: Raptor · Libreoffice: Libreoffice · Apache: Openoffice · Fedoraproject: Fedora · Redhat: Enterprise Linux Desktop, Enterprise Linux Eus, Enterprise Linux Server, Enterprise Linux Server Aus, Enterprise Linux Workstation, Gluster Storage Server For On Premise, Storage, Storage For Public Cloud · Debian: Debian Linux

1 product

1 product

1 product

1 product

8 products

Enterprise Linux Desktop

Enterprise Linux Eus

Enterprise Linux Server

Enterprise Linux Server Aus

Enterprise Linux Workstation

Gluster Storage Server For On Premise

Storage

Storage For Public Cloud

Debian

1 product

Debian Linux

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Librdf Raptor	Before 2.0.7

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Libreoffice Libreoffice	Before 3.4.6
Libreoffice Libreoffice	Version 3.5.0

Configuration C

2 vulnerable

Vulnerable Software	Affected Versions
Apache Openoffice	Version 3.3.0
Apache Openoffice	Version 3.4.0 beta

Configuration D

2 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 16
Fedoraproject Fedora	Version 17

Configuration E

11 vulnerable

Vulnerable Software	Affected Versions
Redhat Enterprise Linux Desktop	Version 5.0
Redhat Enterprise Linux Desktop	Version 6.0
Redhat Enterprise Linux Eus	Version 6.2
Redhat Enterprise Linux Server	Version 5.0
Redhat Enterprise Linux Server	Version 6.0
Redhat Enterprise Linux Server Aus	Version 6.2
Redhat Enterprise Linux Workstation	Version 5.0
Redhat Enterprise Linux Workstation	Version 6.0
Redhat Gluster Storage Server For On Premise	Version 2.0
Redhat Storage	Version 2.0
Redhat Storage For Public Cloud	Version 2.0

Configuration F

1 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 6.0

Related CWEs

CWE-611

Improper Restriction of XML External Entity Reference

The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

References (62)

http://blog.documentfoundation.org/2012/03/22/tdf-announces-libreoffice-3-4-6/

Source: secalert@redhat.com

Release Notes

http://librdf.org/raptor/RELEASE.html#rel2_0_7

Source: secalert@redhat.com

Release Notes

http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077708.html

Source: secalert@redhat.com

Mailing List

http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078242.html

Source: secalert@redhat.com

Mailing List

http://rhn.redhat.com/errata/RHSA-2012-0410.html

Source: secalert@redhat.com

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2012-0411.html

Source: secalert@redhat.com

Third Party Advisory

http://secunia.com/advisories/48479

Source: secalert@redhat.com

Broken LinkVendor Advisory

http://secunia.com/advisories/48493

Source: secalert@redhat.com

Broken LinkVendor Advisory

http://secunia.com/advisories/48494

Source: secalert@redhat.com

Broken Link

http://secunia.com/advisories/48526

Source: secalert@redhat.com

Broken LinkVendor Advisory

http://secunia.com/advisories/48529

Source: secalert@redhat.com

Broken LinkVendor Advisory

http://secunia.com/advisories/48542

Source: secalert@redhat.com

Broken LinkVendor Advisory

http://secunia.com/advisories/48649

Source: secalert@redhat.com

Broken Link

http://secunia.com/advisories/50692

Source: secalert@redhat.com

Broken Link

http://secunia.com/advisories/60799

Source: secalert@redhat.com

Broken Link

http://security.gentoo.org/glsa/glsa-201209-05.xml

Source: secalert@redhat.com

Third Party Advisory

http://vsecurity.com/resources/advisory/20120324-1/

Source: secalert@redhat.com

Broken Link

http://www.debian.org/security/2012/dsa-2438

Source: secalert@redhat.com

Third Party Advisory

http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml

Source: secalert@redhat.com

Third Party Advisory

http://www.libreoffice.org/advisories/CVE-2012-0037/

Source: secalert@redhat.com

Vendor Advisory

http://www.mandriva.com/security/advisories?name=MDVSA-2012:061

Source: secalert@redhat.com

Broken Link

http://www.mandriva.com/security/advisories?name=MDVSA-2012:062

Source: secalert@redhat.com

Broken Link

http://www.mandriva.com/security/advisories?name=MDVSA-2012:063

Source: secalert@redhat.com

Broken Link

http://www.openoffice.org/security/cves/CVE-2012-0037.html

Source: secalert@redhat.com

MitigationPatch

http://www.openwall.com/lists/oss-security/2012/03/27/4

Source: secalert@redhat.com

ExploitMailing List

http://www.osvdb.org/80307

Source: secalert@redhat.com

Broken Link

http://www.securityfocus.com/bid/52681

Source: secalert@redhat.com

Broken LinkThird Party AdvisoryVDB Entry

http://www.securitytracker.com/id?1026837

Source: secalert@redhat.com

Broken LinkThird Party AdvisoryVDB Entry

https://exchange.xforce.ibmcloud.com/vulnerabilities/74235

Source: secalert@redhat.com

Third Party AdvisoryVDB Entry

https://github.com/dajobe/raptor/commit/a676f235309a59d4aa78eeffd2574ae5d341fcb0

Source: secalert@redhat.com

Patch

https://lists.apache.org/thread.html/re0504f08000df786e51795940501e81a5d0ae981ecca68141e87ece0%40%3Ccommits.openoffice.apache.org%3E

Source: secalert@redhat.com

Mailing ListPatch

http://blog.documentfoundation.org/2012/03/22/tdf-announces-libreoffice-3-4-6/