An integer overflow flaw, leading to a buffer overflow, was found in the way OpenOffice.org processed invalid Escher graphics record lengths in PowerPoint documents. An attacker could provide a specially-crafted PowerPoint document that, when opened, would cause OpenOffice.org to crash or, potentially, execute arbitrary code with the privileges of the user running OpenOffice.org.
This issue affects the versions of the openoffice.org package, as shipped with Red Hat Enterprise Linux 5 and 6.
This issue affects the versions of the libreoffice package, as shipped with Fedora releases 15 and 16.
Upstream acknowledges Sven Jacobi as the original reporter of this issue.
Preliminary embargo date, proposed by upstream, is tomorrow, Wednesday, 16th May 2012 at 14:00 UTC time.
Created attachment 584890
(In reply to comment #8)
> Created attachment 584890
> RHEL-5 backport
applies and works for RHEL-6 too
LibreOffice upstream advisory:
OpenOffice.org upstream advisory:
Created attachment 586622
Updated RHEL-5 CVE-2012-2334 patch proposal from Caolan McNamara
Created attachment 587309
Created attachment 587370
This issue has been addressed in the following products:
Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 6
Via RHSA-2012:0705 https://rhn.redhat.com/errata/RHSA-2012-0705.html
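The flaw summarized at the top of this report belongs to a common bug class: a length field from the file is added to an offset before the bounds check, and the sum wraps. The C sketch below is an added illustration of that class and of an overflow-safe check. It is not the OpenOffice.org code or any of the attached patches; the function names and sample bytes are constructed, and the 8-byte header layout (version/instance, type, 32-bit little-endian length) is the only format detail assumed.

```c
#include <stdint.h>
#include <stdio.h>

/* Escher (OfficeArt) record header: 2 bytes version/instance, 2 bytes
 * record type, 4 bytes little-endian body length. */
#define ESCHER_HDR_SIZE 8u

static uint32_t rd_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Flawed pattern (hypothetical): adding the untrusted length can wrap past
 * 2^32, so an oversized record appears to fit in the stream.
 * The caller guarantees that 8 header bytes exist at buf + off. */
int record_fits_unsafe(const uint8_t *buf, uint32_t avail, uint32_t off)
{
    uint32_t len = rd_le32(buf + off + 4);
    uint32_t end = off + ESCHER_HDR_SIZE + len;    /* may wrap to a small value */
    return end <= avail;
}

/* Hardened pattern: never add untrusted values; compare the length with
 * the bytes that remain, computed by subtractions that cannot underflow. */
int record_fits_safe(const uint8_t *buf, uint32_t avail, uint32_t off)
{
    if (off > avail || avail - off < ESCHER_HDR_SIZE)
        return 0;                                  /* header itself is truncated */
    uint32_t len = rd_le32(buf + off + 4);
    return len <= avail - off - ESCHER_HDR_SIZE;
}

/* Constructed samples: 16-byte streams, each holding one record header. */
static const uint8_t good_rec[16]    = { 0x0f, 0x00, 0x02, 0xf0, 0x08, 0x00, 0x00, 0x00 };
static const uint8_t bad_len_rec[16] = { 0x0f, 0x00, 0x02, 0xf0, 0xf8, 0xff, 0xff, 0xff };

int main(void)
{
    printf("valid length:   unsafe=%d safe=%d\n",
           record_fits_unsafe(good_rec, 16, 0), record_fits_safe(good_rec, 16, 0));
    printf("invalid length: unsafe=%d safe=%d\n",
           record_fits_unsafe(bad_len_rec, 16, 0), record_fits_safe(bad_len_rec, 16, 0));
    return 0;
}
```

The invalid sample declares a body of 0xFFFFFFF8 bytes; the additive check accepts it because the sum wraps to zero, while the subtractive check rejects it.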