libgsf: Buffer overflow
Gentoo Linux Security Advisory
||GLSA 200612-13 / libgsf
||December 12, 2006
||December 12, 2006: 01
All supported architectures
libgsf improperly allocates memory allowing for a heap overflow and
possibly the execution of arbitrary code.
The GNOME Structured File Library is an I/O library that can read and
write common file types and handle structured formats that provide
"infamous41md" has discovered that the "ole_init_info" function may
allocate too little memory for storing the contents of an OLE document,
resulting in a heap buffer overflow.
An attacker could entice a user to open a specially crafted OLE
document, and possibly execute arbitrary code with the rights of the
user opening the document.
There is no known workaround at this time.
All libgsf users should upgrade to the latest version:
Code Listing 3.1: Resolution
# emerge --sync
# emerge --ask --oneshot --verbose ">=gnome-extra/libgsf-1.14.2"