CVE-2012-2334

Vulnerabilities related to malformed Powerpoint files in OpenOffice.org 3.3.0

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected:

• OpenOffice.org 3.3 and 3.4 Beta, on all platforms.
• Earlier versions may be also affected.

Description:

A review of the code in filter/source/msfilter msdffimp.cxx revealed some unchecked memory allocations, which could be exploited via malformed Powerpoint graphics records ("escher") to cause bad_alloc exceptions. From this vulnerability a denial of service attack is possible.

Mitigation

OpenOffice.org 3.3.0 and 3.4 beta users are advised to upgrade to Apache OpenOffice 3.4. Users who are unable to upgrade immediately should be cautious when opening untrusted documents.

Credits

The Apache OpenOffice Security Team credits Sven Jacobias as the discoverer of this flaw.

---

Security Home -> Bulletin -> CVE-2012-2334