Ubuntu Security Notice 482-1 - John Heasman discovered that OpenOffice did not correctly validate the sizes of tags in RTF documents. If a user were tricked into opening a specially crafted document, a remote attacker could execute arbitrary code with user privileges.
7125f458a76c35357a3a5556e199ff8306c37bfe70a8b6b4b8922c3fd9132772
Mandriva Linux Security Advisory - A heap overflow flaw was found in the RTF import filter of OpenOffice.org. If a victim were to open a specially-crafted RTF file, OpenOffice.org could crash or possibly execute arbitrary code.
36298dcee9b7a44e7d2bf0c5129c1df6c81c19ed6724e6b76947ad1bee2cf253
Gentoo Linux Security Advisory GLSA 200707-02 - John Heasman of NGSSoftware has discovered a heap-based buffer overflow when parsing the prdata tag in RTF files where the first token is smaller than the second one (CVE-2007-0245). Additionally, the OpenOffice binary program is shipped with a version of FreeType that contains an integer signedness error in the n_points variable in file truetype/ttgload.c, which was covered by GLSA 200705-22 (CVE-2007-2754). Versions less than 2.2.1 are affected.
9cb04ef59403568b53c2c509e72a62320270f7ee1742c121678b4e3642d88dbb
Debian Security Advisory 1307-1 - John Heasman discovered a heap overflow in the routines of OpenOffice.org that parse RTF files. A specially crafted RTF file could cause the filter to overwrite data on the heap, which may lead to the execution of arbitrary code.
2139484d018604471d79fd410433099becc92d1ed776c6ee01198c0279547d50