Flaws patched in TIFF parsing code.
Security researchers at
iDefense
revealed last week that
OpenOffice
version 2.0.4 and earlier versions are vulnerable to maliciously crafted TIFF files, which can be delivered in email attachments, published on websites or shared using peer-to-peer software.
According to
iDefense
, ‘When parsing the TIFF directory entries for certain tags, the parser uses untrusted values from the file to calculate the amount of memory to allocate. By providing specially crafted values, an integer overflow occurs in this calculation. This results in the allocation of a buffer of insufficient size, which in turn leads to a heap overflow.’ The full description can be found at the
iDefense
website
here
.
The latest release of the
OpenOffice
software – version 2.3, released 17 September, is not affected by the flaw.
Since the flaw was revealed,
Sun
, whose
StarOffice
software is based on
OpenOffice
, has issued updates to patch the same vulnerability in
StarOffice
and
StarSuite
6, 7 and 8 on
Solaris
,
Linux
and
Windows
. Users are advised to install the update – links to which can be found from the
Sun
security blog
– immediately.
Virus Bulletin magazine carries a two-part article by security researcher Eric Filiol on the security vulnerabilities and viral risks of the
OpenOffice
suite. Part one was published in the
September 2007 issue
of the magazine, with part two due to appear in October issue (publication date 1 October 2007). The magazine is available to subscribers only. Subscription information can be found
here
.
Posted on 26 September 2007 by
Virus Bulletin
Leave a Reply