Package: openoffice.org
Version: 1.1.3-8
Severity: grave
Justification: user security hole
Tags: sarge sid experimental pending
from full-disclosure
(http://archives.neohapsis.com/archives/fulldisclosure/2005-04/0218.html):
OpenOffice DOC document Heap Overflow
[Security Advisory]
Advisory:[AD_LAB-05001] OpenOffice DOC document Heap Overflow
Class: Design Error
DATE:30/3/2005
CVEID:CAN-2005-0941
Vulnerable:
<=OpenOffice OpenOffice 1.1.4
-OpenOffice OpenOffice 2.0dev
Unvulnerable:
Unknow
Vendor:
www.openoffice.org
I.DESCRIPTION:
- -
OpenOffice.org is an office productivity suite, including word
processing, spreadsheets, presentations, drawings, data charting,
formula editing, and file conversion facilities.
The vulnerability is caused due to a error within the .Doc document header
processing.This can be exploited to cause a heap-based buffer overflow.
[...]
-- System Information:
Debian Release: testing/unstable
APT prefers unstable
APT policy: (990, 'unstable'), (400, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.8-2-k7
Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] (charmap=ISO-8859-15)
Versions of packages openoffice.org depends on:
ii dictionaries-common [openoffi 0.25.4 Common utilities for spelling dict
ii openoffice.org-bin1.1.3-8OpenOffice.org office suite binary
ii openoffice.org-debian-files 1.1.3-8+1 Debian specific parts of OpenOffic
ii openoffice.org-l10n-de [openo 1.1.3-8German language package for OpenOf
ii openoffice.org-l10n-en [openo 1.1.3-8English (US) language package for
ii ttf-opensymbol1.1.3-8The OpenSymbol TrueType font
ii xml-core 0.09 XML infrastructure and XML catalog
-- no debconf information
signature.asc
Description: Digital signature
