Bug 251717 (CVE-2007-4251)

Summary: CVE-2007-4251 OpenOffice crashes upon opening certain files
Product: [Other] Security Response Reporter: Lubomir Kundrak <lkundrak>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED WONTFIX QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecifiedCC: caolanm
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
URL: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-4251
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2007-08-14 08:31:06 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
patch to avoid none

Description Lubomir Kundrak 2007-08-10 16:38:44 UTC 
Common Vulnerabilities and Exposures assigned an identifier CVE-2007-4251
to the following vulnerability:

OpenOffice.org (OOo) 2.2 does not properly handle files with multiple extensions, which allows user-assisted remote attackers to cause a denial of service.

References:

http://www.securityfocus.com/archive/1/archive/1/475534/100/0/threaded
Comment 2 Caolan McNamara 2007-08-13 09:12:11 UTC 
"An issue in OpenOffice 2.2 Multiple File Extension Handling leads to denial
of service conditions. Due to the minimum severity of the issue, the
information is provided in Information Table. The issue does not allow code
execution. Eleytt provides exemplary PoC exploits for this issue for
reponsible security companies only."
Comment 3 Caolan McNamara 2007-08-13 09:14:36 UTC 
Created attachment 161161 [details]
patch to avoid

This patch should suffice. Is there a security bug here, not convinced really.
We throw on attempting to allocate the massive negative value string. 

Should this be reassigned to me and component openoffice.org ?
Comment 4 Lubomir Kundrak 2007-08-13 09:29:15 UTC 
Caolan: thanks for the investigation. Attempting to allocate a negative amount
of memory is not something we would call a security issue, so we don't want this
to be fixed in RHEL now.

This bug is here for serves as a reference to results of investigation and our
opinion about the issue so it's not to be assigned to you. In case wanted to fix
this you'd be assigned separate tracking bugs for each release.
Comment 5 Mark J. Cox 2007-08-14 08:31:06 UTC 
Red Hat does not consider this flaw a security issue. This flaw will only crash
OpenOffice.org if a victim opens a malicious document.