content/security/cves/CVE-2012-2334.html - openoffice-org - Git at Google

 <!doctype html public "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml">
 <head profile="http://www.w3.org/2005/10/profile">
     <title>CVE-2012-2334</title>
     <style type="text/css">
     </style>
 </head>
 <body>
 <h2><a
 href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=2012-2334">CVE-2012-2334</a></h2> <h3>Vulnerabilities related to
 malformed Powerpoint files in OpenOffice.org 3.3.0</h3>
 <ul>
     <h4>Severity: Important</h4> <h4>Vendor: The Apache Software Foundation</h4> <h4>Versions Affected:</h4>
     <ul>
         <li>
             OpenOffice.org 3.3 and 3.4 Beta, on all platforms.
         </li>
         <li>
             Earlier versions may be also affected.
         </li>
     </ul>
     <h4>Description:</h4>
     <p>
     A review of the code in filter/source/msfilter msdffimp.cxx revealed some unchecked memory allocations, which could be
     exploited via malformed Powerpoint graphics records ("escher") to cause bad_alloc exceptions. From this vulnerability a
     denial of service attack is possible.
     </p>
     <h4>Mitigation</h4>
     <p>
     OpenOffice.org 3.3.0 and 3.4 beta users are advised to <a
 		href="http://download.openoffice.org">upgrade to Apache OpenOffice 3.4</a>. Users who are unable to upgrade immediately
     should be cautious when opening untrusted documents.
     </p>
     <h4>Credits</h4>
     <p>
     The Apache OpenOffice Security Team credits Sven Jacobias as the discoverer
     of this flaw.
     </p>
     <hr />
     <p>
     <a href="http://security.openoffice.org">Security Home</a> -&gt; <a href="../bulletin.html">Bulletin</a> -&gt; <a href="CVE-2012-2334.html">CVE-2012-2334</a>
     </p>
 </body>
 </html>
	<!doctype html public "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
	<html xmlns="http://www.w3.org/1999/xhtml">
	<head profile="http://www.w3.org/2005/10/profile">
	<title>CVE-2012-2334</title>
	<style type="text/css">
	</style>
	</head>
	<body>
	<h2><a
	href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=2012-2334">CVE-2012-2334</a></h2> <h3>Vulnerabilities related to
	malformed Powerpoint files in OpenOffice.org 3.3.0</h3>
	<ul>
	<h4>Severity: Important</h4> <h4>Vendor: The Apache Software Foundation</h4> <h4>Versions Affected:</h4>
	<ul>
	<li>
	OpenOffice.org 3.3 and 3.4 Beta, on all platforms.
	</li>
	<li>
	Earlier versions may be also affected.
	</li>
	</ul>
	<h4>Description:</h4>
	<p>
	A review of the code in filter/source/msfilter msdffimp.cxx revealed some unchecked memory allocations, which could be
	exploited via malformed Powerpoint graphics records ("escher") to cause bad_alloc exceptions. From this vulnerability a
	denial of service attack is possible.
	</p>
	<h4>Mitigation</h4>
	<p>
	OpenOffice.org 3.3.0 and 3.4 beta users are advised to <a
	href="http://download.openoffice.org">upgrade to Apache OpenOffice 3.4</a>. Users who are unable to upgrade immediately
	should be cautious when opening untrusted documents.
	</p>
	<h4>Credits</h4>
	<p>
	The Apache OpenOffice Security Team credits Sven Jacobias as the discoverer
	of this flaw.
	</p>
	<hr />
	<p>
	<a href="http://security.openoffice.org">Security Home</a> -> <a href="../bulletin.html">Bulletin</a> -> <a href="CVE-2012-2334.html">CVE-2012-2334</a>
	</p>
	</body>
	</html>