CVE-2008-2152

NameCVE-2008-2152
DescriptionInteger overflow in the rtl_allocateMemory function in sal/rtl/source/alloc_global.c in OpenOffice.org (OOo) 2.0 through 2.4 allows remote attackers to execute arbitrary code via a crafted file that triggers a heap-based buffer overflow.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
openoffice.orgsource(unstable)(not affected)

Notes

- openoffice.org <not-affected> (openoffice in Debian does not use the custom allocations but g/malloc)
see ooo-build/distro-configs/CommonLinux.conf.in, openoffice builds on Debian using
--with-alloc=system which causes the build scripts to use the system allocators instead of the
custom ones

Search for package or bug name: Reporting problems