Die siberas GmbH ein auf Sicherheitsanalysen und Penetrationstests spezialisiertes Beratungsunternehmen, welches Sie herstellerunabhängig und kompetent im Bereich IT-Sicherheit berät.


OpenOffice <3.2 XPM file parsing Heap Overflow

Reference ID: SSA-1002
Publication date: 13.02.2010
Severity: high
Discovered by: Sebastian Apelt

A Heap Overflow has been discovered in OpenOffice (versions <3.2) which can be triggered with a maliciously crafted XPM file. This vulnerability is caused by an Integer Overflow which leads to the allocation of a small-sized buffer. After the allocation this buffer can be overflown with very much control increasing the severity of the flaw. The usual advice not to open any XPM files from untrusted sources is not very helpful in this case since an attacker can easily embed the XPM file in common OpenOffice file formats (e.g. ODF).

OpenOffice Security Advisory