In association with heise online

19 March 2007, 17:58

Hole in Office programs for Linux

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

The [ttlipwpd[/tt]] library that processes WordPerfect documents has been used in the Linux programs Abiword since version 2.2, KOffice as of 1.4, and OpenOffice as of 2.0, among other places. The libwpd versions before the current 0.8.9 are vulnerable to a buffer overflow that allows malicious code to be injected. The buffer overflow can occur in the functions WP6GeneralTextPacket::_readContents(), WP3TablesGroup::_readContents() or WP5DefinitionGroup_DefineTablesSubGroup::WP5DefinitionGroup_DefineTablesSubGroup().

Linux distributors are already supplying packets with the current [ttlibwpd v0.8.9[/tt]]. As there is yet no patched version of OpenOffice, users are advised simply to refrain from opening WordPerfect documents from dubious sources; libwprd is hardwired in OpenOffice programs and therefore cannot be separately replaced.

For more information, see:

(ehe)

Print Version | Send by email | Permalink: http://h-online.com/-732507
 


  • July's Community Calendar





The H Open

The H Security

The H Developer

The H Internet Toolkit