Gnumeric: Heap overflow in the included PCRE library
Gentoo Linux Security Advisory
||GLSA 200509-02 / Gnumeric
||September 03, 2005
||September 03, 2005: 01
All supported architectures
Gnumeric is vulnerable to a heap overflow, possibly leading to the
execution of arbitrary code.
The Gnumeric spreadsheet is a versatile application developed as
part of the GNOME Office project. libpcre is a library providing
functions for Perl-compatible regular expressions.
Gnumeric contains a private copy of libpcre which is subject to an
integer overflow leading to a heap overflow (see GLSA 200508-17).
An attacker could potentially exploit this vulnerability by
tricking a user into opening a specially crafted spreadsheet, which
could lead to the execution of arbitrary code with the privileges of
the user running Gnumeric.
There is no known workaround at this time.
All Gnumeric users should upgrade to the latest version:
Code Listing 3.1: Resolution
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-office/gnumeric-1.4.3-r2"