In association with heise online

25 September 2007, 12:21

Sun closes TIFF vulnerability in StarOffice

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Last week, with Version 2.3 of their open-source office software, the developers of OpenOffice closed a security hole that attackers could exploit to inject malicious code by means of manipulated TIFF images. Sun has now issued updates to rectify the same flaws in StarOffice, which is based on OpenOffice.

If a document contains a manipulated TIFF image, a buffer overflow may occur: routines for processing TIFFs take values from the Directory of the image file without checking, and use them to calculate the amount of memory that has to be reserved. An integer variable may overflow during this process, so that insufficient memory is requested for the image.

The fault affects StarOffice and StarSuite 6, 7 and 8 on the supported platforms – Solaris (Sparc and i386), Linux and Windows. Sun includes links to the patches in its security advisory. Administrators and users of the software should install the update immediately.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit