GLSA Advocate
Joined: 12 May 2004 Posts: 2663
Posted: Sat Sep 03, 2005 9:28 am Post subject: [ GLSA 200509-02 ] Gnumeric: Heap overflow in the included P
Gentoo Linux Security Advisory
Title: Gnumeric: Heap overflow in the included PCRE library (GLSA 200509-02)
Severity: normal
Exploitable: remote
Date: September 03, 2005
Bug(s): #104010
ID: 200509-02
Synopsis
Gnumeric is vulnerable to a heap overflow, possibly leading to the
execution of arbitrary code.
Background
The Gnumeric spreadsheet is a versatile application developed as
part of the GNOME Office project. libpcre is a library providing
functions for Perl-compatible regular expressions.
Affected Packages
Package: app-office/gnumeric
Vulnerable: < 1.4.3-r2
Unaffected: >= 1.4.3-r2
Architectures: All supported architectures
Description
Gnumeric contains a private copy of libpcre which is subject to an
integer overflow leading to a heap overflow (see GLSA 200508-17).
Impact
An attacker could potentially exploit this vulnerability by
tricking a user into opening a specially crafted spreadsheet, which
could lead to the execution of arbitrary code with the privileges of
the user running Gnumeric.
Workaround
There is no known workaround at this time.
Resolution
All Gnumeric users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-office/gnumeric-1.4.3-r2"
References
CAN-2005-2491
GLSA 200508-17
Last edited by GLSA on Mon Jun 10, 2013 4:21 am; edited 2 times in total