Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Wed, 11 Aug 2010 16:13:50 -0400 (EDT)
From: Josh Bressers <bressers@...hat.com>
To: oss-security@...ts.openwall.com
Cc: Caolan McNamara <caolanm@...hat.com>, David Tardon <dtardon@...hat.com>,
        Malte Timmermann <malte.timmermann@...cle.com>,
        "Steven M. Christey" <coley@...us.mitre.org>
Subject: Re: CVE Request -- OpenOffice.org [two ids]: 1,
 integer truncation error 2, short integer overflow


----- "Jan Lieskovsky" <jlieskov@...hat.com> wrote:

> Hi Steve, vendors,
> 
>    two security flaws have been reported against OpenOffice.org's
> Impress tool:
>      [1] http://securityevaluators.com/files/papers/CrashAnalysis.pdf
> 
> A, an integer truncation error, leading to heap-based buffer overflow
> when
>     processing dictionary property items of the input *.ppt file:
> 
>     References:
>       [2] https://bugzilla.redhat.com/show_bug.cgi?id=622529
>       [3] http://secunia.com/advisories/40775/
>       [4]
> http://securityevaluators.com/files/papers/CrashAnalysis.pdf
>       [5]
> http://www.openoffice.org/servlets/ReadMsg?list=dev&msgNo=27690

Use CVE-2010-2935 for this one.


> 
> B, a short integer overflow, leading to heap-based buffer overflow,
> when processing
>     *.ppt document with too big polygons
> 
>     References:
>       [6] https://bugzilla.redhat.com/show_bug.cgi?id=622555
>       [7] http://secunia.com/advisories/40775/
>       [8]
> http://securityevaluators.com/files/papers/CrashAnalysis.pdf
>       [9]
> http://www.openoffice.org/servlets/ReadMsg?list=dev&msgNo=27690
> 

Use CVE-2010-2936

Thanks.

-- 
    JB

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ