GLSA
Bodhisattva
Joined: 25 Feb 2003
Posts: 3826
Location: Essen, Germany
|
 Posted: Tue Jan 11, 2005 5:47 pm Post subject: [ GLSA 200501-20 ] o3read: Buffer overflow during file conve |
 |
|
Gentoo Linux Security Advisory
Title: o3read: Buffer overflow during file conversion (GLSA 200501-20)
Severity: normal
Exploitable: remote
Date: January 11, 2005
Bug(s): #74478
ID: 200501-20
Synopsis
A buffer overflow in o3read allows an attacker to execute arbitrary code by way of a specially crafted XML file.
Background
o3read is a standalone converter for OpenOffice.org files. It allows a user to dump the contents tree (o3read) and convert to plain text (o3totxt) or to HTML (o3tohtml) Writer and Calc files.
Affected Packages
Package: app-text/o3read
Vulnerable: <= 0.0.3
Unaffected: >= 0.0.4
Architectures: All supported architectures
Description
Wiktor Kopec discovered that the parse_html function in o3read.c copies any number of bytes into a 1024-byte t[] array.
Impact
Using a specially crafted file, possibly delivered by e-mail or over the Web, an attacker may execute arbitrary code with the permissions of the user running o3read.
Workaround
There is no known workaround at this time.
Resolution
All o3read users should upgrade to the latest version: | Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=app-text/o3read-0.0.4" |
References
CAN-2004-1288
Wiktor Kopec advisory
Last edited by GLSA on Sun May 07, 2006 4:54 pm; edited 1 time in total |
|
News & Announcements
