I.DESCRIPTION:
- -------------
OpenOffice.org is an office productivity suite, including word
processing, spreadsheets, presentations, drawings, data charting,
formula editing, and file conversion facilities.
The vulnerability is caused due to a error within the .Doc document header
processing.This can be exploited to cause a heap-based buffer overflow.=20
[...]
Versions of packages openoffice.org depends on:
ii dictionaries-common [openoffi 0.25.4 Common utilities for spelling =
dict
ii openoffice.org-bin 1.1.3-8 OpenOffice.org office suite bi=
nary
ii openoffice.org-debian-files 1.1.3-8+1 Debian specific parts of OpenO=
ffic
ii openoffice.org-l10n-de [openo 1.1.3-8 German language package for Op=
enOf
ii openoffice.org-l10n-en [openo 1.1.3-8 English (US) language package =
for=20
ii ttf-opensymbol 1.1.3-8 The OpenSymbol TrueType font
ii xml-core 0.09 XML infrastructure and XML cat=
alog
-- no debconf information
--cWoXeonUoKmBZSoM
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline
Message-ID: <email address hidden>
Date: Wed, 13 Apr 2005 00:38:16 +0200
From: Rene Engelhard <email address hidden>
To: Debian Bug Tracking System <email address hidden>
Subject: CAN-2005-0941: "OpenOffice DOC document Heap Overflow"
--cWoXeonUoKmBZSoM Disposition: inline Transfer- Encoding: quoted-printable
Content-Type: text/plain; charset=us-ascii
Content-
Content-
Package: openoffice.org
Version: 1.1.3-8
Severity: grave
Justification: user security hole
Tags: sarge sid experimental pending
=66rom full-disclosure (http:// archives. neohapsis. com/archives/ fulldisclosu= 04/0218. html):
re/2005-
OpenOffice DOC document Heap Overflow
[Security Advisory]
Advisory: [AD_LAB- 05001] OpenOffice DOC document Heap Overflow
Class: Design Error
DATE:30/3/2005
CVEID:CAN-2005-0941
Vulnerable:
<=3DOpenOffice OpenOffice 1.1.4
-OpenOffice OpenOffice 2.0dev
Unvulnerable: openoffice. org
Unknow
Vendor:
www.
I.DESCRIPTION:
- -------------
OpenOffice.org is an office productivity suite, including word
processing, spreadsheets, presentations, drawings, data charting,
formula editing, and file conversion facilities.
The vulnerability is caused due to a error within the .Doc document header
processing.This can be exploited to cause a heap-based buffer overflow.=20
[...]
-- System Information: 3Dde_DE@ euro (charmap= 3DISO-8859- 15)
Debian Release: testing/unstable
APT prefers unstable
APT policy: (990, 'unstable'), (400, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.8-2-k7
Locale: LANG=3Dde_DE@euro, LC_CTYPE=
Versions of packages openoffice.org depends on: org-debian- files 1.1.3-8+1 Debian specific parts of OpenO= org-l10n- de [openo 1.1.3-8 German language package for Op= org-l10n- en [openo 1.1.3-8 English (US) language package =
ii dictionaries-common [openoffi 0.25.4 Common utilities for spelling =
dict
ii openoffice.org-bin 1.1.3-8 OpenOffice.org office suite bi=
nary
ii openoffice.
ffic
ii openoffice.
enOf
ii openoffice.
for=20
ii ttf-opensymbol 1.1.3-8 The OpenSymbol TrueType font
ii xml-core 0.09 XML infrastructure and XML cat=
alog
-- no debconf information
--cWoXeonUoKmBZSoM pgp-signature; name="signature .asc" Description: Digital signature Disposition: inline
Content-Type: application/
Content-
Content-
-----BEGIN PGP SIGNATURE-----
FmQsCSK63MRAhJI AJ9RvzELacwAKTI 4SaAJnoKRbc46Fg CfT2cS DTvgTggA=
Version: GnuPG v1.2.5 (GNU/Linux)
iD8DBQFCXE3Y+
T82ElwiAVBKKHvw
=//v+
-----END PGP SIGNATURE-----
--cWoXeonUoKmBZ SoM--