Joined: 12 May 2004
|Posted: Sat Sep 03, 2005 9:28 am Post subject: [ GLSA 200509-02 ] Gnumeric: Heap overflow in the included P
|Gentoo Linux Security Advisory
Title: Gnumeric: Heap overflow in the included PCRE library (GLSA 200509-02)
Date: September 03, 2005
Gnumeric is vulnerable to a heap overflow, possibly leading to the
execution of arbitrary code.
The Gnumeric spreadsheet is a versatile application developed as
part of the GNOME Office project. libpcre is a library providing
functions for Perl-compatible regular expressions.
Vulnerable: < 1.4.3-r2
Unaffected: >= 1.4.3-r2
Architectures: All supported architectures
Gnumeric contains a private copy of libpcre which is subject to an
integer overflow leading to a heap overflow (see GLSA 200508-17).
An attacker could potentially exploit this vulnerability by
tricking a user into opening a specially crafted spreadsheet, which
could lead to the execution of arbitrary code with the privileges of
the user running Gnumeric.
There is no known workaround at this time.
All Gnumeric users should upgrade to the latest version:
|# emerge --sync
# emerge --ask --oneshot --verbose ">=app-office/gnumeric-1.4.3-r2"
Last edited by GLSA on Mon Jun 10, 2013 4:21 am; edited 2 times in total