481311 – [fix available] openoffice.org: Word processor crash due the improper recognition of an Unicode char in Type1 fonts [rhel3]

Bug 481311 - [fix available] openoffice.org: Word processor crash due the improper recognition of an Unicode char in Type1 fonts [rhel3]

Summary: [fix available] openoffice.org: Word processor crash due the improper recogni...

Keywords:
Status:	CLOSED WONTFIX
Alias:	None
Product:	Red Hat Enterprise Linux 3
Classification:	Red Hat
Component:	openoffice.org
Sub Component:
Version:	3.9
Hardware:	All
OS:	Linux
Priority:	low
Severity:	medium
Target Milestone:	---
Assignee:	Caolan McNamara
QA Contact:	desktop-bugs@redhat.com
Docs Contact:
URL:	http://milw0rm.com/sploits/2008-crash...
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2009-01-23 15:12 UTC by Jan Lieskovsky
Modified:	2010-02-18 09:21 UTC (History)
CC List:	2 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2010-02-18 09:21:12 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)
patch to fix (544 bytes, patch) 2009-01-23 15:26 UTC, Caolan McNamara	no flags	Details \| Diff
View All

Description Jan Lieskovsky 2009-01-23 15:12:33 UTC

Description of problem:

The Word processor, as shipped with OpenOffice.org packages crashes
due the improper recognition of an Unicode character in True Type1 fonts

More details from Caolan McNamara:

So this seems to be due to a unicode char 0xFFFF being looked up in an
Type1 font. Later versions of OOo filter out that glyph as a DELETED
glyph and don't ask the font for it, very old OOos like 1.1.5 don't.

Steps to reproduce:
1, wget http://milw0rm.com/sploits/2008-crash.doc.rar
2, unrar x 2008-crash.doc.rar
3, oowriter/ooffice test.doc

Actual result:
Application crash.

Expected result:
The file content displayed with no crash.

Comment 1 Caolan McNamara 2009-01-23 15:26:01 UTC

Created attachment 329845 [details]
patch to fix

Comment 2 Mark J. Cox 2009-01-27 07:09:08 UTC

Official Statement from Red Hat (01/23/2009)
    This issue can only result in an OpenOffice.org crash, not allowing arbitrary code execution. Red Hat does not consider a crash of a client application such as OpenOffice.org to be a security issue.

Comment 3 RHEL Program Management 2010-02-18 09:21:12 UTC

Development Management has reviewed and declined this request.  You may appeal
this decision by reopening this request.

Note You need to log in before you can comment on or make changes to this bug.