Redland Raptor (aka libraptor) before 2.0.7, as used by OpenOffice 3.3 and 3.4 Beta, LibreOffice before 3.4.6 and 3.5.x before 3.5.1, and other products, allows user-assisted remote attackers to read arbitrary files via a crafted XML external entity (XXE) declaration and reference in an RDF document.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-611,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | enterprise_linux_workstation | 5.0 |
| libreoffice | libreoffice | 3.5.0 |
| redhat | storage_for_public_cloud | 2.0 |
| apache | openoffice | 3.4.0 |
| libreoffice | libreoffice | 3.4.5 |
| redhat | gluster_storage_server_for_on-premise | 2.0 |
| libreoffice | libreoffice | 3.3.2 |
| libreoffice | libreoffice | 3.4.2 |
| redland | libraptor | * |
| libreoffice | libreoffice | * |
| librdf | raptor | * |
| libreoffice | libreoffice | 3.3.4 |
| redhat | enterprise_linux_workstation | 6.0 |
| fedoraproject | fedora | 16 |
| libreoffice | libreoffice | 3.3.0 |
| apache | openoffice.org | 3.4 |
| fedoraproject | fedora | 17 |
| debian | debian_linux | 6.0 |
| redhat | enterprise_linux_server | 6.0 |
| libreoffice | libreoffice | 3.3.1 |
| redhat | enterprise_linux_desktop | 6.0 |
| libreoffice | libreoffice | 3.5 |
| libreoffice | libreoffice | 3.4.0 |
| redhat | storage | 2.0 |
| redhat | enterprise_linux_desktop | 5.0 |
| redhat | enterprise_linux_eus | 6.2 |
| apache | openoffice.org | 3.3 |
| redhat | enterprise_linux_server_aus | 6.2 |
| apache | openoffice | 3.3.0 |
| redhat | enterprise_linux_server | 5.0 |
| libreoffice | libreoffice | 3.4.1 |
| libreoffice | libreoffice | 3.3.3 |