Language

The Free and Open Productivity Suite
Released: Apache OpenOffice 4.1.15

CVE-2010-3702 CVE-2010-3704

Security Vulnerability in OpenOffice.org's PDF Import extension resulting from 3rd party library XPDF

1. Impact

A security vulnerability in the 3rd party library XPDF (only used in the PDF import extension), related to PDF document processing, may allow a remote unprivileged user to execute arbitrary code on the system with the privileges of a local user running OpenOffice.org, if the local user opens a crafted PDF document provided by the remote user.

2. Affected releases

3. Symptoms

There are no predictable symptoms that would indicate this issue has occurred.

4. Relief/Workaround

To workaround the described issue, do not load documents from untrusted sources.

5. Resolution

This issue is addressed in the following release: PDF Import Extension 1.0.4

Security Home -> Bulletin -> CVE-2010-3702_CVE-2010-3704

Apache Software Foundation

Copyright & License | Privacy | Contact Us | Donate | Thanks

Apache, OpenOffice, OpenOffice.org and the seagull logo are registered trademarks of The Apache Software Foundation. The Apache feather logo is a trademark of The Apache Software Foundation. Other names appearing on the site may be trademarks of their respective owners.