FreeBSD : Apache OpenOffice 4.1.2 -- Memory Corruption Vulnerability (Impress Presentations) (72f71e26-4f69-11e6-ac37-ac9e174be3af)

high Nessus Plugin ID 92504

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

The Apache OpenOffice Project reports :

An OpenDocument Presentation .ODP or Presentation Template .OTP file can contain invalid presentation elements that lead to memory corruption when the document is loaded in Apache OpenOffice Impress.
The defect may cause the document to appear as corrupted and OpenOffice may crash in a recovery-stuck mode requiring manual intervention. A crafted exploitation of the defect can allow an attacker to cause denial of service (memory corruption and application crash) and possible execution of arbitrary code.

Solution

Update the affected packages.

See Also

http://www.openoffice.org/security/cves/CVE-2015-4551.html

http://www.nessus.org/u?9a9858d1

Plugin Details

Severity: High

ID: 92504

File Name: freebsd_pkg_72f71e264f6911e6ac37ac9e174be3af.nasl

Version: 2.8

Type: local

Published: 7/22/2016

Updated: 1/4/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS v3

Risk Factor: High

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:apache-openoffice, p-cpe:/a:freebsd:freebsd:apache-openoffice-devel, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 7/21/2016

Vulnerability Publication Date: 7/17/2016

Reference Information

CVE: CVE-2016-1513