Name | CVE-2008-2152 |
Description | Integer overflow in the rtl_allocateMemory function in sal/rtl/source/alloc_global.c in OpenOffice.org (OOo) 2.0 through 2.4 allows remote attackers to execute arbitrary code via a crafted file that triggers a heap-based buffer overflow. |
Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
The information below is based on the following data on fixed versions.
Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
---|
openoffice.org | source | (unstable) | (not affected) | | | |
Notes
- openoffice.org <not-affected> (openoffice in Debian does not use the custom allocations but g/malloc)
see ooo-build/distro-configs/CommonLinux.conf.in, openoffice builds on Debian using
--with-alloc=system which causes the build scripts to use the system allocators instead of the
custom ones