On 05/16/2012 08:57 AM, Caolán McNamara wrote:
https://www.libreoffice.org/advisories/
CVE-2012-1149 Integer overflows in graphic object loading
An integer overflow vulnerability in LibreOffice graphic loading code
could allow a remote attacker to cause a denial of service (application
crash) or potentially execute arbitrary code on vulnerable
installations of LibreOffice.
Thanks to Tielei Wang via Secunia SVCRP for reporting this flaw. Users
are recommended to upgrade to 3.5.3 to avoid this flaw
CVE-2012-2334 Denial of Service with malformed .ppt files
Reading invalid record lengths in LibreOffice powerpoint (escher)
import code could allow a remote attacker to cause a denial of service
(application crash) on vulnerable installations of LibreOffice.
Thanks to Sven Jacobi for reporting this flaw. Users are recommended to
upgrade to 3.5.3 to avoid this flaw
C.
Thanks for posting that - it's very much appreciated.
Any idea if 3.5.3 also addresses this one that also came out today?
http://www.openoffice.org/security/cves/CVE-2012-2149.html
LO 3.5.3.2 still has a filter for WPD files, and it would be very nice
if it continue to do so if the filter can be patched rather than removed
like AOO.
Thanks
Gary Lee
--
Unsubscribe instructions: E-mail to discuss+help@documentfoundation.org
Problems? http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/
Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette
List archive: http://listarchives.documentfoundation.org/www/discuss/
All messages sent to this list will be publicly archived and cannot be deleted
Context
- [tdf-discuss] Re: security-related information, CVE-2012-1149, CVE-2012-2334 · NoOp
Privacy Policy |
Impressum (Legal Info) |
Copyright information: Unless otherwise specified, all text and images
on this website are licensed under the
Creative Commons Attribution-Share Alike 3.0 License.
This does not include the source code of LibreOffice, which is
licensed under the Mozilla Public License (
MPLv2).
"LibreOffice" and "The Document Foundation" are
registered trademarks of their corresponding registered owners or are
in actual use as trademarks in one or more countries. Their respective
logos and icons are also subject to international copyright laws. Use
thereof is explained in our
trademark policy.