oss-sec mailing list archives

Re: CVE Request -- OpenOffice.org [two ids]: 1, integer truncation error 2, short integer overflow


From: Josh Bressers <bressers () redhat com>
Date: Wed, 11 Aug 2010 16:13:50 -0400 (EDT)


----- "Jan Lieskovsky" <jlieskov () redhat com> wrote:

Hi Steve, vendors,

   two security flaws have been reported against OpenOffice.org's
Impress tool:
     [1] http://securityevaluators.com/files/papers/CrashAnalysis.pdf

A, an integer truncation error, leading to heap-based buffer overflow when
    processing dictionary property items of the input *.ppt file:

    References:
      [2] https://bugzilla.redhat.com/show_bug.cgi?id=622529
      [3] http://secunia.com/advisories/40775/
      [4] http://securityevaluators.com/files/papers/CrashAnalysis.pdf
      [5] http://www.openoffice.org/servlets/ReadMsg?list=dev&msgNo=27690

Use CVE-2010-2935 for this one.



B, a short integer overflow, leading to heap-based buffer overflow, when
    processing *.ppt document with too big polygons

    References:
      [6] https://bugzilla.redhat.com/show_bug.cgi?id=622555
      [7] http://secunia.com/advisories/40775/
      [8] http://securityevaluators.com/files/papers/CrashAnalysis.pdf
      [9] http://www.openoffice.org/servlets/ReadMsg?list=dev&msgNo=27690


Use CVE-2010-2936

Thanks.

-- 
    JB

