In association with heise online

05 October 2011, 14:13

LibreOffice testing gets fuzzy

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

LibreOffice logo The LibreOffice developers have now published some details of the security fixes they incorporated in LibreOffice 3.4.3 and applied to the older LibreOffice 3.3.4 release. Full details will be withheld until more users have migrated to the new version. This includes a correction which removes a memory corruption vulnerability when loading Microsoft Word documents that could have allowed a specially crafted document to execute arbitrary code. Listed as CVE-2011-2713, there is currently no severity rating or further details on the issue.

Other fixes have been applied to flaws found through applying fuzz testing techniques to parts of the open source office suite. The developers say they have made various improvements to the loading of .wmf (Windows Metafile) and .emf Windows Enhanced Metafile after fuzz testing. "Working on fuzzing LibreOffice import filters has been a great experience", said Marc-André Laverdière of Tata Consultancy Services, "Working in cooperation with TDF (The Document Foundation) development team, we have found and fixed serious security and crasher bugs."

A general program of improving stability through improving code quality has also led to some additional security patches and fixes. The Document Foundation recommends all users to upgrade to LibreOffice 3.4.3 which is available to download for Windows, Mac OS X and Linux from the project's site.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit