Bug 481312 - [fix available] openoffice.org: Word processor crash due to the improper recognition of a Unicode char in Type1 fonts [rhel4.9]
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: openoffice.org
Hardware: All
OS: Linux
Priority: low
Severity: medium
Target Milestone: rc
Assigned To: Caolan McNamara
Reported: 2009-01-23 10:14 EST by Jan Lieskovsky
Modified: 2010-02-18 04:40 EST
Doc Type: Bug Fix
Last Closed: 2010-02-18 04:40:36 EST

Attachments:
patch to fix (544 bytes, patch)
2009-01-23 10:27 EST, Caolan McNamara
Description Jan Lieskovsky 2009-01-23 10:14:58 EST
Description of problem:

The Word processor, as shipped with OpenOffice.org packages, crashes
due to the improper recognition of a Unicode character in True Type1 fonts.

More details from Caolan McNamara:

So this seems to be due to a Unicode char 0xFFFF being looked up in a
Type1 font. Later versions of OOo filter out that glyph as a DELETED
glyph and don't ask the font for it; very old OOos like 1.1.5 don't.

Steps to reproduce:
1, wget http://milw0rm.com/sploits/2008-crash.doc.rar
2, unrar x 2008-crash.doc.rar
3, oowriter/ooffice test.doc

Actual result:
Application crash.

Expected result:
The file content displayed with no crash.
Comment 1 Caolan McNamara 2009-01-23 10:27:17 EST
Created attachment 329846
patch to fix
Comment 2 Mark J. Cox 2009-01-27 02:09:46 EST
Official Statement from Red Hat (01/23/2009)
    This issue can only result in an OpenOffice.org crash, not allowing arbitrary code execution. Red Hat does not consider a crash of a client application such as OpenOffice.org to be a security issue.
Comment 3 RHEL Product and Program Management 2010-02-18 04:40:36 EST
Development Management has reviewed and declined this request.  You may appeal
this decision by reopening this request.
