Gentoo Linux Security Advisory 201408-19 - Multiple vulnerabilities have been found in OpenOffice and LibreOffice, the worst of which may result in execution of arbitrary code.
25cba7cb86e5c00a8edba21108a03562ceee1d3bf37cd0e99baa6eabd8e19dc3Ubuntu Security Notice 1901-1 - Timothy D. Morgan discovered that Raptor would unconditionally load XML external entities. If a user were tricked into opening a specially crafted document in an application linked against Raptor, an attacker could possibly obtain access to arbitrary files on the user's system or potentially execute arbitrary code with the privileges of the user invoking the program.
129bfa80ff19162520bf13eed9fe89bfddd3574089068101f024e5bd08c06df6Gentoo Linux Security Advisory 201209-5 - Multiple vulnerabilities have been found in LibreOffice, allowing remote attackers to execute arbitrary code or cause a Denial of Service. Versions less than 3.5.5.3 are affected.
0c0c89386d8cd136d3fe20439efaf87b5728dd22a2e911959574abcd93409365Ubuntu Security Notice 1480-1 - Timothy D. Morgan discovered that Raptor would unconditionally load XML external entities. If a user were tricked into opening a specially crafted document in an application linked against Raptor, an attacker could possibly obtain access to arbitrary files on the user's system or potentially execute arbitrary code with the privileges of the user invoking the program.
80dd663dc082f9ee36640ff192c8f15a25649b63ec9dc679ef519dcebbe263a1Mandriva Linux Security Advisory 2012-063 - An XML External Entity expansion flaw was found in the way Raptor processed RDF files. If an application linked against Raptor were to open a specially-crafted RDF file, it could possibly allow a remote attacker to obtain a copy of an arbitrary local file that the user running the application had access to. A bug in the way Raptor handled external entities could cause that application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. libreoffice for Mandriva Linux 2011 has been upgraded to the 3.4.6 version which is not vulnerable to this issue.
d19a729c4502f3e0a4c2e9cb4ff0e0e72defd4fa38ba2015471857f60f1a1746Mandriva Linux Security Advisory 2012-062 - An XML External Entity expansion flaw was found in the way Raptor processed RDF files. If an application linked against Raptor were to open a specially-crafted RDF file, it could possibly allow a remote attacker to obtain a copy of an arbitrary local file that the user running the application had access to. A bug in the way Raptor handled external entities could cause that application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. The updated packages have been patched to correct this issue.
ae5a4a5d9ce6cee17510c13ca494d9b773752f3dfe112be30c15eceacdcaa9aaMandriva Linux Security Advisory 2012-061 - An XML External Entity expansion flaw was found in the way Raptor processed RDF files. If an application linked against Raptor were to open a specially-crafted RDF file, it could possibly allow a remote attacker to obtain a copy of an arbitrary local file that the user running the application had access to. A bug in the way Raptor handled external entities could cause that application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. The updated packages have been patched to correct this issue. raptor2 for Mandriva Linux 2011 has been upgraded to the 2.0.7 version which is not vulnerable to this issue.
6c937a56998bb864b9de64f9b4c8402abef0fa2c6c10daab783db4ac0f50a28fVSR identified a vulnerability in multiple open source office products (including OpenOffice, LibreOffice, KOffice, and AbiWord) due to unsafe interpretation of XML files with custom entity declarations. Deeper analysis revealed that the vulnerability was caused by acceptance of external entities by the libraptor library, which is used by librdf and is in turn used by these office products.
c080c190d86a9fe75c277115920d4c554a70b66f10a4c4abc47cf7b1079c5232An XML External Entity (XXE) attack is possible in OpenOffice.org versions 3.3 and 3.4 Beta. This vulnerability exploits the way in which external entities are processed in certain XML components of ODF documents.
8eebd992aa35f4faf62775e9bf55d28de394b1f4f67b8928b0375d38ba17a838Red Hat Security Advisory 2012-0410-01 - Raptor provides parsers for Resource Description Framework files. An XML External Entity expansion flaw was found in the way Raptor processed RDF files. If an application linked against Raptor were to open a specially-crafted RDF file, it could possibly allow a remote attacker to obtain a copy of an arbitrary local file that the user running the application had access to. A bug in the way Raptor handled external entities could cause that application to crash or, possibly, execute arbitrary code with the privileges of the user running the application.
8bcd1732b713cd3674bedba3c026ea7f1a3ef78587eaffce9e679010f8748734Red Hat Security Advisory 2012-0411-01 - OpenOffice.org is an office productivity suite that includes desktop applications, such as a word processor, spreadsheet application, presentation manager, formula editor, and a drawing program. OpenOffice.org embeds a copy of Raptor, which provides parsers for Resource Description Framework files. An XML External Entity expansion flaw was found in the way Raptor processed RDF files. If OpenOffice.org were to open a specially-crafted file, it could possibly allow a remote attacker to obtain a copy of an arbitrary local file that the user running OpenOffice.org had access to. A bug in the way Raptor handled external entities could cause OpenOffice.org to crash or, possibly, execute arbitrary code with the privileges of the user running OpenOffice.org.
9a0a4f543457fc7348795ef6b90c507f9cb100611358fcad986b6f701a4bd297Debian Linux Security Advisory 2438-1 - It was discovered that Raptor, a RDF parser and serializer library, allows file inclusion through XML entities, resulting in information disclosure.
f839e2a4a52840a605f43c488064d43c0370825b6f879b5ba87cf37e1ceef9d5
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed