KLA10855
Memory corruption vulnerability in Apache OpenOffice
Updated: 01/24/2020
Detect date
?
07/21/2016
Severity
?
High
Description

An unspecified vulnerability was found in Apache OpenOffice Impress. By exploiting this vulnerability malicious users can cause denial of service or execute arbitrary code. This vulnerability can be exploited remotely via a specially designed .ODP and .OTP files.


Technical details

An exploitable out-of-bounds vulnerability occurs while handling MetaActions.

Vulnerability is related to files:

  1. maintoolssourcegenericpoly2.cxx (see lines 217-230);
  2. mainvclsourcegdimetaact.cxx (see line 1189).
Affected products

Apache OpenOffice versions 4.1.2 and earlier
OpenOffice.org versions

Solution

Avoid to use Apache OpenOffice Impress within untrusted files. Install updates as soon as developer will release it. For further instructions take a look at original advisory.

Original advisories

Original Apache advisory

Impacts
?
ACE 
[?]

DoS 
[?]
Related products
OpenOffice.org
Apache OpenOffice
CVE-IDS
?