Debian Security Advisory
DSA-2487-1 openoffice.org -- buffer overflow
- Date Reported:
- 07 Jun 2012
- Affected Packages:
- Security database references:
- In Mitre's CVE dictionary: CVE-2012-1149, CVE-2012-2334.
- More information:
It was discovered that OpenOffice.org would not properly process crafted document files, possibly leading to arbitrary code execution.
Integer overflows in PNG image handling.
Integer overflow in operator new invocation and heap-based buffer overflow inside the MS-ODRAW parser.
For the stable distribution (squeeze), this problem has been fixed in version 1:3.2.1-11+squeeze6.
For the unstable distribution (sid), these problems have been fixed in version 1:3.5.2~rc2-1 of the libreoffice package.
We recommend that you upgrade your openoffice.org packages.