Debian Security Advisory
DSA-2275-1 openoffice.org -- stack-based buffer overflow
- Date Reported:
- 07 Jul 2011
- Affected Packages:
- Security database references:
- No other external database security references currently available.
- More information:
Will Dormann and Jared Allar discovered that the Lotus Word Pro import filter of OpenOffice.org, a full-featured office productivity suite that provides a near drop-in replacement for Microsoft Office, is not properly handling object ids in the
.lwpfile format. An attacker can exploit this with a specially crafted file and execute arbitrary code with the rights of the victim importing the file.
The oldstable distribution (lenny) is not affected by this problem.
For the stable distribution (squeeze), this problem has been fixed in version 1:3.2.1-11+squeeze3.
For the testing distribution (wheezy), this problem will be fixed soon.
For the unstable distribution (sid), this problem has been fixed in libreoffice version 1:3.3.3-1.
We recommend that you upgrade your openoffice.org packages.