Date: prev next · Thread: first prev next last
2012 Archives by date, by thread · List index

[tdf-discuss] Re: security-related information, CVE-2012-1149, CVE-2012-2334


On 05/16/2012 08:57 AM, Caolán McNamara wrote:
https://www.libreoffice.org/advisories/

CVE-2012-1149 Integer overflows in graphic object loading

An integer overflow vulnerability in LibreOffice graphic loading code
could allow a remote attacker to cause a denial of service (application
crash) or potentially execute arbitrary code on vulnerable
installations of LibreOffice.

Thanks to Tielei Wang via Secunia SVCRP for reporting this flaw. Users
are recommended to upgrade to 3.5.3 to avoid this flaw

CVE-2012-2334 Denial of Service with malformed .ppt files

Reading invalid record lengths in LibreOffice powerpoint (escher)
import code could allow a remote attacker to cause a denial of service
(application crash) on vulnerable installations of LibreOffice.

Thanks to Sven Jacobi for reporting this flaw. Users are recommended to
upgrade to 3.5.3 to avoid this flaw

C.



Thanks for posting that - it's very much appreciated.

Any idea if 3.5.3 also addresses this one that also came out today?
http://www.openoffice.org/security/cves/CVE-2012-2149.html

LO 3.5.3.2 still has a filter for WPD files, and it would be very nice
if it continue to do so if the filter can be patched rather than removed
like AOO.

Thanks
Gary Lee


-- 
Unsubscribe instructions: E-mail to discuss+help@documentfoundation.org
Problems? http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/
Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette
List archive: http://listarchives.documentfoundation.org/www/discuss/
All messages sent to this list will be publicly archived and cannot be deleted

Context


Privacy Policy | Impressum (Legal Info) | Copyright information: Unless otherwise specified, all text and images on this website are licensed under the Creative Commons Attribution-Share Alike 3.0 License. This does not include the source code of LibreOffice, which is licensed under the Mozilla Public License (MPLv2). "LibreOffice" and "The Document Foundation" are registered trademarks of their corresponding registered owners or are in actual use as trademarks in one or more countries. Their respective logos and icons are also subject to international copyright laws. Use thereof is explained in our trademark policy.