oss-sec mailing list archives

CVE Request -- OpenOffice.org [two ids]: 1, integer truncation error 2, short integer overflow

From: Jan Lieskovsky <jlieskov () redhat com>
Date: Wed, 11 Aug 2010 12:37:27 +0200

Hi Steve, vendors,

  two security flaws have been reported against OpenOffice.org's Impress tool:
    [1] http://securityevaluators.com/files/papers/CrashAnalysis.pdf

A, an integer truncation error, leading to heap-based buffer overflow when
   processing dictionary property items of the input *.ppt file:

   References:
     [2] https://bugzilla.redhat.com/show_bug.cgi?id=622529
     [3] http://secunia.com/advisories/40775/
     [4] http://securityevaluators.com/files/papers/CrashAnalysis.pdf
     [5] http://www.openoffice.org/servlets/ReadMsg?list=dev&msgNo=27690

B, a short integer overflow, leading to heap-based buffer overflow, when processing
   *.ppt document with too big polygons

   References:
     [6] https://bugzilla.redhat.com/show_bug.cgi?id=622555
     [7] http://secunia.com/advisories/40775/
     [8] http://securityevaluators.com/files/papers/CrashAnalysis.pdf
     [9] http://www.openoffice.org/servlets/ReadMsg?list=dev&msgNo=27690

Could you allocate CVE ids for these two issues?

Thanks && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team

Current thread:

CVE Request -- OpenOffice.org [two ids]: 1, integer truncation error 2, short integer overflow Jan Lieskovsky (Aug 11)
- Re: CVE Request -- OpenOffice.org [two ids]: 1, integer truncation error 2, short integer overflow Josh Bressers (Aug 11)