Charlie Miller has discovered two vulnerabilities in OpenOffice.org Impress, which can be exploited by malicious people to compromise a user's system and execute arbitrary code. An integer truncation error when parsing certain content can be exploited to cause a heap-based buffer overflow via a specially crafted file. A short integer overflow error when parsing certain content can be exploited to cause a heap-based buffer overflow via a specially crafted file. For the stable distribution (lenny) these problems have been fixed in version 2.4.1+dfsg-1+lenny8. For the testing (squeeze) and unstable (sid) distributions these problems have been fixed in version 3.2.1-6. We recommend that you upgrade your openoffice.org packages.
Charlie Miller has discovered two vulnerabilities in OpenOffice.org Impress, which can be exploited by malicious people to compromise a user's system and execute arbitrary code.
An integer truncation error when parsing certain content can be exploited to cause a heap-based buffer overflow via a specially crafted file.
A short integer overflow error when parsing certain content can be exploited to cause a heap-based buffer overflow via a specially crafted file.
For the stable distribution (lenny) these problems have been fixed in version 2.4.1+dfsg-1+lenny8.
For the testing (squeeze) and unstable (sid) distributions these problems have been fixed in version 3.2.1-6.
We recommend that you upgrade your openoffice.org packages.
MD5 checksums of the listed files are available in the original advisory.