Medium severity6.5NVD Advisory· Published Jun 17, 2012· Updated Apr 29, 2026
CVE-2012-0037
CVE-2012-0037
Description
Redland Raptor (aka libraptor) before 2.0.7, as used by OpenOffice 3.3 and 3.4 Beta, LibreOffice before 3.4.6 and 3.5.x before 3.5.1, and other products, allows user-assisted remote attackers to read arbitrary files via a crafted XML external entity (XXE) declaration and reference in an RDF document.
Affected products
19cpe:2.3:a:apache:openoffice:3.3.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:apache:openoffice:3.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:openoffice:3.4.0:beta:*:*:*:*:*:*
cpe:2.3:a:libreoffice:libreoffice:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:libreoffice:libreoffice:*:*:*:*:*:*:*:*range: <3.4.6
- cpe:2.3:a:libreoffice:libreoffice:3.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:gluster_storage_server_for_on-premise:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:storage_for_public_cloud:2.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:16:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:fedoraproject:fedora:16:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:17:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_eus:6.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_aus:6.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
Patches
1a676f235309ahttps://github.com/dajobe/raptorvia nvd-ref
Vulnerability mechanics
Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
31- www.openoffice.org/security/cves/CVE-2012-0037.htmlnvdMitigationPatch
- github.com/dajobe/raptor/commit/a676f235309a59d4aa78eeffd2574ae5d341fcb0nvdPatch
- lists.apache.org/thread.html/re0504f08000df786e51795940501e81a5d0ae981ecca68141e87ece0%40%3Ccommits.openoffice.apache.org%3EnvdMailing ListPatch
- www.openwall.com/lists/oss-security/2012/03/27/4nvdExploitMailing List
- rhn.redhat.com/errata/RHSA-2012-0410.htmlnvdThird Party Advisory
- rhn.redhat.com/errata/RHSA-2012-0411.htmlnvdThird Party Advisory
- secunia.com/advisories/48479nvdBroken LinkVendor Advisory
- secunia.com/advisories/48493nvdBroken LinkVendor Advisory
- secunia.com/advisories/48526nvdBroken LinkVendor Advisory
- secunia.com/advisories/48529nvdBroken LinkVendor Advisory
- secunia.com/advisories/48542nvdBroken LinkVendor Advisory
- security.gentoo.org/glsa/glsa-201209-05.xmlnvdThird Party Advisory
- www.debian.org/security/2012/dsa-2438nvdThird Party Advisory
- www.gentoo.org/security/en/glsa/glsa-201408-19.xmlnvdThird Party Advisory
- www.libreoffice.org/advisories/CVE-2012-0037/nvdVendor Advisory
- www.securityfocus.com/bid/52681nvdBroken LinkThird Party AdvisoryVDB Entry
- www.securitytracker.com/idnvdBroken LinkThird Party AdvisoryVDB Entry
- exchange.xforce.ibmcloud.com/vulnerabilities/74235nvdThird Party AdvisoryVDB Entry
- blog.documentfoundation.org/2012/03/22/tdf-announces-libreoffice-3-4-6/nvdRelease Notes
- librdf.org/raptor/RELEASE.htmlnvdRelease Notes
- lists.fedoraproject.org/pipermail/package-announce/2012-April/077708.htmlnvdMailing List
- lists.fedoraproject.org/pipermail/package-announce/2012-April/078242.htmlnvdMailing List
- secunia.com/advisories/48494nvdBroken Link
- secunia.com/advisories/48649nvdBroken Link
- secunia.com/advisories/50692nvdBroken Link
- secunia.com/advisories/60799nvdBroken Link
- vsecurity.com/resources/advisory/20120324-1/nvdBroken Link
- www.mandriva.com/security/advisoriesnvdBroken Link
- www.mandriva.com/security/advisoriesnvdBroken Link
- www.mandriva.com/security/advisoriesnvdBroken Link
- www.osvdb.org/80307nvdBroken Link
News mentions
0No linked articles in our index yet.