Posted: Tue Jan 11, 2005 5:47 pm Post subject: [ GLSA 200501-20 ] o3read: Buffer overflow during file conve
Gentoo Linux Security Advisory
Title: o3read: Buffer overflow during file conversion (GLSA 200501-20)
Date: January 11, 2005
A buffer overflow in o3read allows an attacker to execute arbitrary code by way of a specially crafted XML file.
o3read is a standalone converter for OpenOffice.org files. It allows a user to dump the contents tree (o3read) and to convert Writer and Calc files to plain text (o3totxt) or to HTML (o3tohtml).
Vulnerable: <= 0.0.3
Unaffected: >= 0.0.4
Architectures: All supported architectures
Wiktor Kopec discovered that the parse_html function in o3read.c copies any number of bytes into a 1024-byte t array.
Using a specially crafted file, possibly delivered by e-mail or over the Web, an attacker may execute arbitrary code with the permissions of the user running o3read.
There is no known workaround at this time.
All o3read users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-text/o3read-0.0.4"
Wiktor Kopec advisory
Last edited by GLSA on Sun May 07, 2006 4:54 pm; edited 1 time in total
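
The advisory describes a copy of unbounded length into a 1024-byte array. The following is an added example, not code from o3read or from the advisory: it shows the bounds check that such a copy loop needs. The helper names, the '<'...'>' tag framing and the sample input are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define TAG_BUF_SIZE 1024  /* same size as the array named in the advisory */

/* Hypothetical helper (not o3read's parse_html): copy the bytes between
 * '<' and '>' into dst, where src[0] must be '<'.
 * Returns the tag length, or -1 if the tag is unterminated or would not
 * fit in dst together with its terminating NUL. */
static long copy_tag_bounded(const char *src, size_t src_len,
                             char *dst, size_t dst_size)
{
    size_t n = 0;
    if (src_len == 0 || src[0] != '<' || dst_size == 0)
        return -1;
    for (size_t i = 1; i < src_len; i++) {
        if (src[i] == '>') {
            dst[n] = '\0';
            return (long)n;
        }
        /* An unbounded copy omits this check and keeps writing
         * dst[n++] for as long as the input supplies bytes. */
        if (n + 1 >= dst_size)
            return -1;           /* reject instead of writing past dst */
        dst[n++] = src[i];
    }
    return -1;                   /* no closing '>' */
}

/* Constructed input: a tag whose name is name_len bytes of 'A'. */
static long try_tag_of_length(size_t name_len)
{
    static char input[4096];
    char tag[TAG_BUF_SIZE];
    if (name_len + 2 > sizeof input)
        return -1;
    input[0] = '<';
    memset(input + 1, 'A', name_len);
    input[name_len + 1] = '>';
    return copy_tag_bounded(input, name_len + 2, tag, sizeof tag);
}

int main(void)
{
    printf("1023-byte tag: %ld\n", try_tag_of_length(1023));
    printf("1024-byte tag: %ld\n", try_tag_of_length(1024));
    return 0;
}
```

The largest tag that fits is 1023 bytes, because one byte of the array is reserved for the terminating NUL; anything longer is rejected before a write occurs.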