<?xml version="1.0" encoding="utf-8"?>
<glsa id="200501-20">
<title>o3read: Buffer overflow during file conversion</title>
A buffer overflow in o3read allows an attacker to execute arbitrary code by
way of a specially crafted XML file.
<product type="ebuild">o3read</product>
<announced>January 11, 2005</announced>
<revised>January 11, 2005: 01</revised>
<package name="app-text/o3read" auto="yes" arch="*">
<unaffected range="ge">0.0.4</unaffected>
<vulnerable range="le">0.0.3</vulnerable>
</package>
o3read is a standalone converter for files. It
allows a user to dump the contents tree (o3read) and convert to plain
text (o3totxt) or to HTML (o3tohtml) Writer and Calc files.
Wiktor Kopec discovered that the parse_html function in o3read.c
copies any number of bytes into a 1024-byte t[] array.
<impact type="normal">
Using a specially crafted file, possibly delivered by e-mail or
over the Web, an attacker may execute arbitrary code with the
permissions of the user running o3read.
</impact>
There is no known workaround at this time.
All o3read users should upgrade to the latest version:
<code>
# emerge --sync
# emerge --ask --oneshot --verbose &quot;&gt;=app-text/o3read-0.0.4&quot;</code>
<uri link="">CAN-2004-1288</uri>
<uri link="">Wiktor Kopec advisory</uri>
<metadata tag="requester" timestamp="Mon, 10 Jan 2005 22:12:42 +0000">
<metadata tag="bugReady" timestamp="Mon, 10 Jan 2005 22:13:07 +0000">
<metadata tag="submitter" timestamp="Tue, 11 Jan 2005 11:55:34 +0000">