Gentoo FoundationGLSA-200603-25OpenOffice.org: Heap overflow in included libcurl
4.6 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
0.001 Low
EPSS
Percentile
22.9%
Background
OpenOffice.org is an office productivity suite, including word processing, spreadsheet, presentation, data charting, formula editing and file conversion facilities. libcurl, which is included in OpenOffice.org, is a free and easy-to-use client-side library for transferring files with URL syntaxes, supporting numerous protocols.
Description
OpenOffice.org includes libcurl code. This libcurl code is vulnerable to a heap overflow when it tries to parse a URL that exceeds a 256-byte limit (GLSA 200512-09).
Impact
An attacker could entice a user to call a specially crafted URL with OpenOffice.org, potentially resulting in the execution of arbitrary code with the rights of the user running the application.
Workaround
There is no known workaround at this time.
Resolution
All OpenOffice.org binary users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-office/openoffice-bin-2.0.2"
All OpenOffice.org users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-office/openoffice-2.0.1-r1"
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Gentoo | any | all | app-office/openoffice-bin | < 2.0.2 | UNKNOWN |
| Gentoo | any | all | app-office/openoffice | < 2.0.1-r1 | UNKNOWN |
Related
4.6 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
0.001 Low
EPSS
Percentile
22.9%