Debian Security Advisory

DSA-1246-1 -- buffer overflow

Date Reported:
08 Jan 2007
Affected Packages:
Security database references:
In the Debian bugtracking system: Bug 405679, Bug 405986.
In Mitre's CVE dictionary: CVE-2006-5870.
More information:

John Heasman from Next Generation Security Software discovered a heap overflow in the handling of Windows Metafiles in, the free office suite, which could lead to a denial of service and potentially execution of arbitrary code.

For the stable distribution (sarge) this problem has been fixed in version 1.1.3-9sarge4.

For the unstable distribution (sid) this problem has been fixed in version 2.0.4-1.

We recommend that you upgrade your package.

Fixed in:

Debian GNU/Linux 3.1 (sarge)

Architecture-independent component:
Intel IA-32:
IBM S/390:
Sun Sparc:

MD5 checksums of the listed files are available in the original advisory.