CVE-2008-3282

NameCVE-2008-3282
DescriptionInteger overflow in the rtl_allocateMemory function in sal/rtl/source/alloc_global.c in the memory allocator in OpenOffice.org (OOo) 2.4.1, on 64-bit platforms, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted document, related to a "numeric truncation error," a different vulnerability than CVE-2008-2152.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
openoffice.orgsource(unstable)(not affected)

Notes

- openoffice.org <not-affected> (openoffice in Debian does not use the custom allocations but g/malloc)
see ooo-build/distro-configs/CommonLinux.conf.in, openoffice builds on Debian using
--with-alloc=system which causes the build scripts to use the system allocators instead of the
custom ones
Search for package or bug name: Reporting problems