What is CVE-2012-5639?

CVE-2012-5639 is a medium-severity software vulnerability (CWE-668) with a CVSS score of 6.5. LibreOffice and OpenOffice automatically open embedded content

Is CVE-2012-5639 being actively exploited?

It is not currently in CISA's KEV catalog. Its EPSS exploitation probability is 6%.

What products does CVE-2012-5639 affect?

Tracked products affected include LibreOffice, Apache OpenOffice. Check the version you run to see whether it is affected.

How do I fix CVE-2012-5639?

Apply the vendor fix in your normal patch cycle. Upgrade affected products to a fixed version.

← All products

CVE-2012-5639

MEDIUM severity · CVSS 6.5 · CWE-668

6.5CVSS MEDIUM

Summary

LibreOffice and OpenOffice automatically open embedded content

Impact & exploitability

Attack vectorNetwork

Attack complexityLow

Privileges requiredNone

User interactionRequired

Confidentiality impactHigh

Integrity impactNone

Availability impactNone

Exploit probability (EPSS)6%

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Affected products we track (2)

LibreOffice Apache OpenOffice

Recommendation

Apply the vendor fix in your normal patch cycle. Open any affected product above for its exact safe version.

Additional information

NVD record
http://www.openwall.com/lists/oss-security/2012/12/14/1Advisory
http://www.openwall.com/lists/oss-security/2023/12/28/6
http://www.openwall.com/lists/oss-security/2024/01/03/6
http://www.openwall.com/lists/oss-security/2024/01/03/7
https://access.redhat.com/security/cve/cve-2012-5639Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-5639Advisory
https://lists.apache.org/thread.html/r253f92d0e6511d07a79774002e1d9db1d20b24bff27914a5adb14ccb%40%3Cissues.openoffice.apache.org%3E
https://security-tracker.debian.org/tracker/CVE-2012-5639Advisory