oss-sec mailing list archives
Re: CVE Request -- OpenOffice.org [two ids]: 1, integer truncation error 2, short integer overflow
From: Josh Bressers <bressers () redhat com>
Date: Wed, 11 Aug 2010 16:13:50 -0400 (EDT)
----- "Jan Lieskovsky" <jlieskov () redhat com> wrote:
Hi Steve, vendors, two security flaws have been reported against OpenOffice.org's Impress tool: [1] http://securityevaluators.com/files/papers/CrashAnalysis.pdf A, an integer truncation error, leading to heap-based buffer overflow when processing dictionary property items of the input *.ppt file: References: [2] https://bugzilla.redhat.com/show_bug.cgi?id=622529 [3] http://secunia.com/advisories/40775/ [4] http://securityevaluators.com/files/papers/CrashAnalysis.pdf [5] http://www.openoffice.org/servlets/ReadMsg?list=dev&msgNo=27690
Use CVE-2010-2935 for this one.
B, a short integer overflow, leading to heap-based buffer overflow, when processing *.ppt document with too big polygons References: [6] https://bugzilla.redhat.com/show_bug.cgi?id=622555 [7] http://secunia.com/advisories/40775/ [8] http://securityevaluators.com/files/papers/CrashAnalysis.pdf [9] http://www.openoffice.org/servlets/ReadMsg?list=dev&msgNo=27690
Use CVE-2010-2936 Thanks. -- JB
Current thread:
- CVE Request -- OpenOffice.org [two ids]: 1, integer truncation error 2, short integer overflow Jan Lieskovsky (Aug 11)
- Re: CVE Request -- OpenOffice.org [two ids]: 1, integer truncation error 2, short integer overflow Josh Bressers (Aug 11)