CVE-2012-0037

MEDIUM

Librdf Raptor < 2.0.7 - XXE

Title source: rule

Description

Redland Raptor (aka libraptor) before 2.0.7, as used by OpenOffice 3.3 and 3.4 Beta, LibreOffice before 3.4.6 and 3.5.x before 3.5.1, and other products, allows user-assisted remote attackers to read arbitrary files via a crafted XML external entity (XXE) declaration and reference in an RDF document.

References (31)

[Release Notes] http://blog.documentfoundation.org/2012/03/22/tdf-announces-libreoffice-3-4-6/

[Release Notes] http://librdf.org/raptor/RELEASE.html#rel2_0_7

[Mailing List] http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077708.html

[Mailing List] http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078242.html

[Third Party Advisory] http://rhn.redhat.com/errata/RHSA-2012-0410.html

[Third Party Advisory] http://rhn.redhat.com/errata/RHSA-2012-0411.html

[Broken Link, Vendor Advisory] http://secunia.com/advisories/48479

[Broken Link, Vendor Advisory] http://secunia.com/advisories/48493

[Broken Link] http://secunia.com/advisories/48494

[Broken Link, Vendor Advisory] http://secunia.com/advisories/48526

[Broken Link, Vendor Advisory] http://secunia.com/advisories/48529

[Broken Link, Vendor Advisory] http://secunia.com/advisories/48542

[Broken Link] http://secunia.com/advisories/48649

[Broken Link] http://secunia.com/advisories/50692

[Broken Link] http://secunia.com/advisories/60799

[Third Party Advisory] http://security.gentoo.org/glsa/glsa-201209-05.xml

[Broken Link] http://vsecurity.com/resources/advisory/20120324-1/

[Third Party Advisory] http://www.debian.org/security/2012/dsa-2438

[Third Party Advisory] http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml

[Vendor Advisory] http://www.libreoffice.org/advisories/CVE-2012-0037/

... and 11 more

Scores

CVSS v3 6.5

EPSS 0.0090

EPSS Percentile 75.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Classification

CWE

CWE-611

Status draft

Affected Products (19)

librdf/raptor < 2.0.7

libreoffice/libreoffice < 3.4.6

libreoffice/libreoffice

apache/openoffice

apache/openoffice

fedoraproject/fedora

fedoraproject/fedora

redhat/gluster_storage_server_for_on-premise

redhat/storage

redhat/storage_for_public_cloud

redhat/enterprise_linux_desktop

redhat/enterprise_linux_desktop

redhat/enterprise_linux_eus

redhat/enterprise_linux_server

redhat/enterprise_linux_server

... and 4 more

Timeline

Published Jun 17, 2012

Tracked Since Feb 18, 2026