o3read: Buffer overflow during file conversion — GLSA 200501-20

A buffer overflow in o3read allows an attacker to execute arbitrary code by way of a specially crafted XML file.

Affected packages

Package 	app-text/o3read on all architectures
Affected versions 	<= 0.0.3
Unaffected versions 	>= 0.0.4

Background

o3read is a standalone converter for OpenOffice.org files. It allows a user to dump the contents tree (o3read) and convert to plain text (o3totxt) or to HTML (o3tohtml) Writer and Calc files.

Description

Wiktor Kopec discovered that the parse_html function in o3read.c copies any number of bytes into a 1024-byte t[] array.

Impact

Using a specially crafted file, possibly delivered by e-mail or over the Web, an attacker may execute arbitrary code with the permissions of the user running o3read.

Workaround

There is no known workaround at this time.

Resolution

All o3read users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=app-text/o3read-0.0.4"

References

    CAN-2004-1288
    Wiktor Kopec advisory