o3read: Buffer overflow during file conversion
Gentoo Linux Security Advisory
||GLSA 200501-20 / o3read
||January 11, 2005
||January 11, 2005: 01
All supported architectures
A buffer overflow in o3read allows an attacker to execute arbitrary code by
way of a specially crafted XML file.
o3read is a standalone converter for OpenOffice.org files. It
allows a user to dump the contents tree (o3read) and convert to plain
text (o3totxt) or to HTML (o3tohtml) Writer and Calc files.
Wiktor Kopec discovered that the parse_html function in o3read.c
copies any number of bytes into a 1024-byte t array.
Using a specially crafted file, possibly delivered by e-mail or
over the Web, an attacker may execute arbitrary code with the
permissions of the user running o3read.
There is no known workaround at this time.
All o3read users should upgrade to the latest version:
Code Listing 3.1: Resolution
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-text/o3read-0.0.4"