Integer overflow in filter/source/msfilter/msdffimp.cxx in OpenOffice.org (OOo) 3.3, 3.4 Beta, and possibly earlier, and LibreOffice prior to 3.5.3, allows remote malicious users to cause a denial of service (crash) and possibly execute arbitrary code via the length of an Escher graphics record in a PowerPoint (.ppt) document, which triggers a buffer overflow.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
apache openoffice.org 3.3 |
||
apache openoffice.org 3.4 |
||
libreoffice libreoffice 3.3.1 |
||
libreoffice libreoffice 3.3.4 |
||
libreoffice libreoffice 3.4.5 |
||
libreoffice libreoffice 3.4.1 |
||
libreoffice libreoffice 3.4.2 |
||
libreoffice libreoffice 3.4.0 |
||
libreoffice libreoffice 3.3.3 |
||
libreoffice libreoffice 3.3.0 |
||
libreoffice libreoffice 3.3.2 |
||
libreoffice libreoffice 3.5 |
||
libreoffice libreoffice |