oss-sec mailing list archives
Re: CVE request: ppthtml heap-based buffer overflow
From: Murray McAllister <mmcallis () redhat com>
Date: Thu, 14 Nov 2013 16:07:00 +1100
On 11/14/2013 03:11 PM, Murray McAllister wrote:
> Morning,
>
> A heap-based buffer overflow flaw was reported in ppthtml:
>
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=729279
>
> Looking in xlhtml-0.5-15.fc19.src.rpm, I think the root cause of the problem is in __OLEdecode() with an under allocation here:
>
> 163 BDepot = (U8 *) malloc (0x0200 * (num_bbd_blocks + num_xbbd_blocks));

Setting num_bbd_blocks and num_xbbd_blocks both to "1" also leads to similar problems.
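
An added example, not part of the original post and not xlhtml code: one defensive pattern for sizing a buffer from file-declared block counts like the quoted malloc() does, and for bounding every later write into it. The helper names, the `file_size` parameter and the validation policy are assumptions; the post does not say how the overflow is reached.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define BLOCK_SIZE 0x0200u /* the 0x0200 block size from the quoted malloc() */

/* Hypothetical helper: allocate a depot for header-declared block counts.
 * Returns NULL when the counts are zero or claim more blocks than the
 * file can contain, which also rules out any size overflow. */
uint8_t *depot_alloc(uint32_t num_bbd, uint32_t num_xbbd,
                     size_t file_size, size_t *depot_size)
{
    uint64_t blocks = (uint64_t)num_bbd + num_xbbd;     /* sum cannot wrap */
    if (blocks == 0 || blocks > file_size / BLOCK_SIZE) /* implausible claim */
        return NULL;
    *depot_size = (size_t)blocks * BLOCK_SIZE;          /* <= file_size */
    return calloc((size_t)blocks, BLOCK_SIZE);
}

/* Hypothetical helper: copy one block into slot `index`, refusing any
 * write that would land outside the allocation. Returns 0 on success. */
int depot_store(uint8_t *depot, size_t depot_size, size_t index,
                const uint8_t *src)
{
    if (index >= depot_size / BLOCK_SIZE)
        return -1;
    memcpy(depot + index * BLOCK_SIZE, src, BLOCK_SIZE);
    return 0;
}

/* Runs one constructed case: -2 = allocation refused, -1 = write refused,
 * 0 = block stored inside the buffer. */
int demo_case(uint32_t num_bbd, uint32_t num_xbbd, size_t file_size,
              size_t index)
{
    static const uint8_t block[BLOCK_SIZE]; /* constructed all-zero block */
    size_t size = 0;
    uint8_t *depot = depot_alloc(num_bbd, num_xbbd, file_size, &size);
    if (depot == NULL)
        return -2;
    int rc = depot_store(depot, size, index, block);
    free(depot);
    return rc;
}
```

With both counts set to 1 the buffer holds two blocks, so any code path that stores a third block has to be rejected by the index check, not trusted to stay in range.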