It was reported that it was possible to trigger a heap overflow leading to heap memory corruption in the way that OpenOffice.org parsed GIF files. This is not restricted to GIF files alone, but to embedded GIF files in OpenOffice.org documents. The bug is found in GIFLZWDecompressor::GIFLZWDecompressor (source/filter.vcl/lgif/decode.cxx) and is triggered during LZW decompression of GIF file content.
This is assigned CVE-2009-2950.
Created attachment 365023: upstream proposed patch
upstream patch, should basically be relevant for all OOo releases
Public now via: http://www.openoffice.org/security/bulletin.html
http://www.openoffice.org/security/cves/CVE-2009-2950.html
This issue has been addressed in following products:

  Red Hat Enterprise Linux 3
  Red Hat Enterprise Linux 4
  Red Hat Enterprise Linux 5

Via RHSA-2010:0101 https://rhn.redhat.com/errata/RHSA-2010-0101.html
openoffice.org-3.1.1-19.12.fc11 has been submitted as an update for Fedora 11. http://admin.fedoraproject.org/updates/openoffice.org-3.1.1-19.12.fc11
openoffice.org-3.1.1-19.26.fc12 has been submitted as an update for Fedora 12. http://admin.fedoraproject.org/updates/openoffice.org-3.1.1-19.26.fc12
openoffice.org-3.1.1-19.26.fc12 has been pushed to the Fedora 12 stable repository. If problems still persist, please make note of it in this bug report.
openoffice.org-3.1.1-19.12.fc11 has been pushed to the Fedora 11 stable repository. If problems still persist, please make note of it in this bug report.