Title: CVE-2012-2334 Integer overflow flaw with malformed .ppt files

Announced: May 16 2012

Updated: May 29 2012

Fixed in: LibreOffice 3.5.3


An integer overflow flaw, leading to buffer overflow, was found in the way LibreOffice processed invalid Escher graphics records length in PowerPoint documents. An attacker could provide a specially-crafted PowerPoint document that, when opened, would cause LibreOffice to crash or, potentially, execute arbitrary code with the privileges of the user running LibreOffice.

Thanks to Sven Jacobi for reporting the initial flaw. Thanks to Florian Weimer, Red Hat Product Security Team, for identifying the possibility integer overflow. Users are recommended to upgrade to 3.5.3 to avoid this flaw