In association with heise online

02 August 2012, 10:46

LibreOffice vulnerable to multiple buffer overflows

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

LibreOffice logo Three weeks after releasing LibreOffice 3.5.5, The Document Foundation has confirmed that security holes in earlier versions of the open source LibreOffice productivity suite can be exploited by attackers to compromise a victim's system. According to the project's security advisory, these include multiple heap-based buffer overflow vulnerabilities in the XML manifest encryption tag parsing code.

Successful exploitation of the vulnerabilities could lead to the execution of arbitrary code on a system with the privileges of a local user. For an attack to be successful, a victim must first open a specially crafted Open Document Format (ODF) file. Versions up to and including LibreOffice 3.5.4 are affected; upgrading to version 3.5.5 or later fixes these problems. All users are advised to upgrade.

The developers note that the 3.6.0 release of LibreOffice also closes these holes. However, at the time of writing, this version has yet to be released only the fourth release candidate is available.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit