Integer overflow in filter/source/msfilter/msdffimp.cxx in OpenOffice.org (OOo) 3.3, 3.4 Beta, and possibly earlier, and LibreOffice before 3.5.3, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the length of an Escher graphics record in a PowerPoint (.ppt) document, which triggers a buffer overflow.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Openoffice.org | Apache | 3.3 (including) | 3.3 (including) |
Openoffice.org | Apache | 3.4-beta (including) | 3.4-beta (including) |