December 7, 2016

Apache Publishes Details of Security Fixes Made for OpenOffice 3.4

(LiveHacking.Com) – The Apache Software Foundation (ASF) recently released OpenOffice 3.4 the first stable release since OpenOffice was accepted by the ASF from Oracle in the middle of last year. Along with new features, like improved ODF 1.2 encryption support, the release also fixed some security related bugs from previous OpenOffice releases. Details of these vulnerabilities have now been published.

The first of the three is a buffer overflow in the vclmi.dll module when allocating memory for an embedded image object. This can be exploited to cause a heap-based buffer overflow via specially crafted JPEG images within a Word document. OpenOffice 3.3 and the 3.4 Beta are affected.

The second vulnerability was in libwpd. This Wordperfect library had a memory overwrite vulnerability that could be exploited by a specially crafted Wordperfect WPD-format document, potentially leading to arbitrary-code execution at application user privilege level. OpenOffice 3.3 and the 3.4 Beta are affected.

Finally, a code review found some unchecked memory allocations, which could be exploited via malformed Powerpoint graphics records (“escher”) to cause bad_alloc exceptions. From this vulnerability a denial of service attack is possible.

All OpenOffice.org 3.3.0 and 3.4 beta users are advised to upgrade to Apache OpenOffice 3.4. Users who are unable to upgrade should be wary of opening untrusted documents.