Sun closes TIFF vulnerability in StarOffice
Last week, with Version 2.3 of their open-source office software, the developers of OpenOffice closed a security hole that attackers could exploit to inject malicious code by means of manipulated TIFF images. Sun has now issued updates to rectify the same flaws in StarOffice, which is based on OpenOffice.
If a document contains a manipulated TIFF image, a buffer overflow may occur: routines for processing TIFFs take values from the Directory of the image file without checking, and use them to calculate the amount of memory that has to be reserved. An integer variable may overflow during this process, so that insufficient memory is requested for the image.
The fault affects StarOffice and StarSuite 6, 7 and 8 on the supported platforms – Solaris (Sparc and i386), Linux and Windows. Sun includes links to the patches in its security advisory. Administrators and users of the software should install the update immediately.
- Manipulated TIFF Files or Documents Containing Manipulated TIFF Files May Lead to Heap Overflows and Arbitrary Code Execution, Notification by Sun
- OpenOffice 2.3 closes security hole, News item by heise Security