Bug#404105: CVE-2006-6628: Integer overflow in OpenOffice.org

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#404105: CVE-2006-6628: Integer overflow in OpenOffice.org
From: Stefan Fritsch <sf@sfritsch.de>
Date: Thu, 21 Dec 2006 20:29:51 +0100
Message-id: <[🔎] 20061221192951.11673.46625.reportbug@k.lan>
Reply-to: Stefan Fritsch <sf@sfritsch.de>, 404105@bugs.debian.org

Package: openoffice.org
Version: 2.0.4.dfsg.2-1
Severity: grave
Tags: security
Justification: user security hole


openoffice.org crashes when loading the exploit from [1]. There is inconclusive
information whether this may be used to execute arbitrary code [2,3]. If this is
a mere DoS you may of course downgrade the severity.


[1] http://www.securityfocus.com/data/vulnerabilities/exploits/12122006-djtest.doc
[2] http://www.securityfocus.com/bid/21618/discuss
[3] http://www.securityfocus.com/archive/1/454545/30/0/threaded

Reply to:

Follow-Ups:
- Bug#404105: CVE-2006-6628: Integer overflow in OpenOffice.org
  - From: Rene Engelhard <rene@debian.org>

Prev by Date: Bug#404070: oowriter cannot open documents whose file name contains special (or unvalid) chars
Next by Date: Processed: tagging 404105, bug 404105 is forwarded to http://www.openoffice.org/issues/show_bug.cgi?id ... ... ...
Previous by thread: Bug#404070: oowriter cannot open documents whose file name contains special (or unvalid) chars
Next by thread: Bug#404105: CVE-2006-6628: Integer overflow in OpenOffice.org
Index(es):
- Date
- Thread