CVE-2012-2334

Naslov: CVE-2012-2334: Napaka celoštevilske prekoračitve pri napačno zapisanih datotekah PPT

Objavljeno: 16. maj 2012

Posodobljeno: 29. maj 2012

Popravljeno v: LibreOffice 3.5.3

Izvirni opis:
An integer overflow flaw, leading to buffer overflow, was found in the way LibreOffice processed invalid Escher graphics records length in PowerPoint documents. An attacker could provide a specially-crafted PowerPoint document that, when opened, would cause LibreOffice to crash or, potentially, execute arbitrary code with the privileges of the user running LibreOffice.

Thanks to Sven Jacobi for reporting the initial flaw. Thanks to Florian Weimer, Red Hat Product Security Team, for identifying the possibility integer overflow. Users are recommended to upgrade to 3.5.3 to avoid this flaw

Viri: