An integer overflow flaw, leading to buffer overflow, was found in the way OpenOffice.org processed invalid Escher graphics records length in PowerPoint documents. An attacker could provide a specially-crafted PowerPoint document that, when opened, would cause OpenOffice.org to crash or, potentially, execute arbitrary code with the privileges of the user running OpenOffice.org. Upstream patches: [1] http://cgit.freedesktop.org/libreoffice/core/commit/?id=28a6558f9d3ca2dda3191f8b5b3f2378ee2533da [2] http://cgit.freedesktop.org/libreoffice/core/commit/?id=512401decb286ba0fc3031939b8f7de8649c502e
This issue affects the versions of the openoffice.org package, as shipped with Red Hat Enterprise Linux 5 and 6. -- This issue affects the versions of the libreoffice package, as shipped with Fedora release of 15 and 16.
Acknowledgements: Upstream acknowledges Sven Jacobi as the original reporter of this issue.
Preliminary embargo date, proposed by upstream, is tomorrow, Wednesday, 16-th May 2012 at 14:00 UTC time.
Created attachment 584890 [details] RHEL-5 backport
(In reply to comment #8) > Created attachment 584890 [details] > RHEL-5 backport applies and work for RHEL-6 too
LibreOffice upstream advisory: [3] http://www.libreoffice.org/advisories/cve-2012-2334/ OpenOffice.org upstream advisory: [4] http://www.openoffice.org/security/cves/CVE-2012-2334.html
Statement: (none)
Created attachment 586622 [details] Updated RHEL-5 CVE-2012-2334 patch proposal from Caolan McNamara
Created attachment 587309 [details] final patch
Created attachment 587370 [details] final patch
This issue has been addressed in following products: Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 6 Via RHSA-2012:0705 https://rhn.redhat.com/errata/RHSA-2012-0705.html