Red Hat Bugzilla – Bug 450518
CVE-2008-2152 OpenOffice.org overflow possible on allocation
Last modified: 2008-06-19 06:52:35 EDT
Sean Larsson found a heap overflow flaw in the OpenOffice memory allocator. An
attacker could create a carefully crafted file that could cause OpenOffice.org
to crash or possibly execute arbitrary code if the file was opened by a victim.
This probably affects all OpenOffice shipped in RHEL3,4,5
Embargo is Jun 10 or 11 (2.4.1 release of OpenOffice.org)
Created attachment 308679 [details]
oo2 patch from caolan
Created attachment 308680 [details]
oo1.1 backported patch from caolan
opening bug, now public at:
openoffice.org-2.4.1-17.3.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report.
openoffice.org-2.3.0-6.15.fc8 has been submitted as an update for Fedora 8
openoffice.org-2.3.0-6.9.fc7 has been submitted as an update for Fedora 7
openoffice.org-2.3.0-6.9.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report.
openoffice.org-2.3.0-6.15.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.
This issue was addressed in:
Red Hat Enterprise Linux: