OpenOffice.org integer overflow error in vclmi.dll module when allocating memory for an embedded image object
- OpenOffice.org 3.3 and 3.4 Beta, on all platforms.
- Earlier versions may be also affected.
Vendor: The Apache Software Foundation
The vulnerability is caused due to an integer overflow error in the vclmi.dll module when allocating memory for an embedded image object. This can be exploited to cause a heap-based buffer overflow via, for example using a specially crafted JPEG object within a DOC file.
OpenOffice.org 3.3.0 and 3.4 beta users are advised to upgrade to Apache OpenOffice 3.4. Users who are unable to upgrade immediately should be cautious when opening untrusted documents.
The Apache OpenOffice Security Team credits Tielei Wang via Secunia SVCRP as the discoverer of this flaw.