[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#404105: CVE-2006-6628: Integer overflow in OpenOffice.org

severity 404105 important
thanks

Am Donnerstag, 21. Dezember 2006 20:29 schrieb Stefan Fritsch:
> Package: openoffice.org
> Version: 2.0.4.dfsg.2-1
> Severity: grave
> Tags: security
> Justification: user security hole
> 
> 
> openoffice.org crashes when loading the exploit from [1]. There is inconclusive
> information whether this may be used to execute arbitrary code [2,3]. If this is
> a mere DoS you may of course downgrade the severity.

Doing with this. Note that we might not be affected anyway if this was exploitable
since we (sanely) use malloc/calloc/realloc/free from system (--with-alloc=system)
instead of re-implemented internal allocators (as Sun does)

Regards,

Rene
-- 
 .''`.  René Engelhard -- Debian GNU/Linux Developer
 : :' : http://www.debian.org | http://people.debian.org/~rene/
 `. `'  rene@debian.org | GnuPG-Key ID: 248AEB73
   `-   Fingerprint: 41FA F208 28D4 7CA5 19BB  7AD9 F859 90B0 248A EB73
Reply to: