[CVE-2008-2152] Integer overflow in rtl_allocateMemory() in OpenOffice.org
Bug #238925 reported by
Till Ulen
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
openoffice.org (Ubuntu) |
Invalid
|
Undecided
|
Kees Cook |
Bug Description
Binary package hint: openoffice.org
CVE-2008-2152 description:
"A security vulnerability in the custom memory allocation function from OpenOffice.org may lead to heap overflows and allow a remote unprivileged user who provides a OpenOffice.org document that is opened by a local user to execute arbitrary commands on the system with the privileges of the user running OpenOffice.org. [...]
Affected releases
All versions between OpenOffice.org 2.0 and 2.4 inclusive."
http://
See also: http://
CVE References
To post a comment you must log in.
As I understand it we are not actually vulnerable to this overflow, but I will be looking into the issue further tomorrow (Jun 11) to verify for certain.
Thanks!
Chris Cheney