blob: 595afc7beab4c525e14be84a55aa1e103bd82d9b [file] [log] [blame]
<?xml version="1.0" encoding="utf-8"?>
<glsa id="200701-07">
<title> EMF/WMF file handling vulnerabilities</title>
A truncation error and integer overflows in the EMF/WMF file handling of could be exploited to execute arbitrary code.
<product type="ebuild">openoffice</product>
<announced>January 12, 2007</announced>
<revised>January 12, 2007: 01</revised>
<package name="app-office/openoffice-bin" auto="yes" arch="*">
<unaffected range="ge">2.1.0</unaffected>
<vulnerable range="lt">2.1.0</vulnerable>
<package name="app-office/openoffice" auto="yes" arch="*">
<unaffected range="ge">2.0.4</unaffected>
<vulnerable range="lt">2.0.4</vulnerable>
<p> is an open source office productivity suite, including
word processing, spreadsheet, presentation, drawing, data charting,
formula editing, and file conversion facilities.
John Heasman of NGSSoftware has discovered integer overflows in the
EMR_POLYPOLYGON and EMR_POLYPOLYGON16 processing and an error within
the handling of META_ESCAPE records.
<impact type="normal">
An attacker could exploit these vulnerabilities to cause heap overflows
and potentially execute arbitrary code with the privileges of the user
running by enticing the user to open a document
containing a malicious WMF/EMF file.
There is no known workaround known at this time.
All binary users should update to version 2.1.0 or
# emerge --sync
# emerge --ask --oneshot --verbose &quot;&gt;=app-office/openoffice-bin-2.1.0&quot;</code>
All users should update to version 2.0.4 or later:
# emerge --sync
# emerge --ask --oneshot --verbose &quot;&gt;=app-office/openoffice-2.0.4&quot;</code>
<uri link="">CVE-2006-5870</uri>
<metadata tag="requester" timestamp="Tue, 09 Jan 2007 18:48:36 +0000">
<metadata tag="submitter" timestamp="Tue, 09 Jan 2007 19:06:14 +0000">
<metadata tag="bugReady" timestamp="Fri, 12 Jan 2007 12:16:11 +0000">