In association with heise online

29 August 2012, 17:01

Apache OpenOffice update closes buffer overflow vulnerabilities

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Apache OpenOffice logo In addition to adding new translations, the latest 3.4.1 release of Apache OpenOffice from last week also closes important security holes (CVE-2012-2665) in the open source office suite. According to the project, the update addressed multiple heap-based buffer overflow vulnerabilities in the XML manifest encryption tag parsing code used by the software which could have been exploited by a remote attacker to cause a denial-of-service (DoS) or execute arbitrary code on a victim's system.

For an attack to be successful, a victim must first open a specially crafted Open Document Format (ODF) file. The problem has been confirmed in Apache OpenOffice 3.4.0, but its developers note that earlier versions of may also be affected. The same vulnerability has also been fixed in the LibreOffice productivity suite with the release of versions 3.5.5 and 3.6.0. All users are advised to upgrade.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit