Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Wed, 11 Aug 2010 16:13:50 -0400 (EDT)
From: Josh Bressers <bressers@...hat.com>
To: oss-security@...ts.openwall.com
Cc: Caolan McNamara <caolanm@...hat.com>, David Tardon <dtardon@...hat.com>,
        Malte Timmermann <malte.timmermann@...cle.com>,
        "Steven M. Christey" <coley@...us.mitre.org>
Subject: Re: CVE Request -- OpenOffice.org [two ids]: 1,
 integer truncation error 2, short integer overflow


----- "Jan Lieskovsky" <jlieskov@...hat.com> wrote:

> Hi Steve, vendors,
> 
>    two security flaws have been reported against OpenOffice.org's
> Impress tool:
>      [1] http://securityevaluators.com/files/papers/CrashAnalysis.pdf
> 
> A, an integer truncation error, leading to heap-based buffer overflow
> when
>     processing dictionary property items of the input *.ppt file:
> 
>     References:
>       [2] https://bugzilla.redhat.com/show_bug.cgi?id=622529
>       [3] http://secunia.com/advisories/40775/
>       [4]
> http://securityevaluators.com/files/papers/CrashAnalysis.pdf
>       [5]
> http://www.openoffice.org/servlets/ReadMsg?list=dev&msgNo=27690

Use CVE-2010-2935 for this one.


> 
> B, a short integer overflow, leading to heap-based buffer overflow,
> when processing
>     *.ppt document with too big polygons
> 
>     References:
>       [6] https://bugzilla.redhat.com/show_bug.cgi?id=622555
>       [7] http://secunia.com/advisories/40775/
>       [8]
> http://securityevaluators.com/files/papers/CrashAnalysis.pdf
>       [9]
> http://www.openoffice.org/servlets/ReadMsg?list=dev&msgNo=27690
> 

Use CVE-2010-2936

Thanks.

-- 
    JB

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.