A vulnerability in OpenOffice Impress could cause memory corruption.
|Package||app-office/openoffice-bin on all architectures|
|Affected versions||< 4.1.3|
|Unaffected versions||>= 4.1.3|
Apache OpenOffice is an open-source office software suite for word processing, spreadsheets, presentations, graphics, databases and more.
An exploitable out-of-bounds vulnerability exists in OpenOffice Impress when handling MetaActions.
A remote attacker could entice a user to open a specially crafted OpenDocument Presentation .ODP or Presentation Template .OTP file using OpenOffice Impress, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition.
There is no known workaround at this time.
All OpenOffice users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-office/openoffice-bin-4.1.3"
March 19, 2017
March 19, 2017: 1