Title: CVE-2012-0037: XML Entity Expansion flaw by processing RDF file

Announced: March 22 2012

Fixed in: LibreOffice 3.4.6/3.5.1


An XML Entity Expansion flaw was found in the way the embedded Raptor library processed certain RDF and other XML-based format files. An attacker could create a specially crafted file in an affected LibreOffice format which, when opened, could cause arbitrary code execution or local file inclusion.

Thanks to Timothy D. Morgan of VSR for reporting this flaw. Users are advised to upgrade to 3.4.6 or 3.5.1 to avoid this flaw.