The vulnerability is caused by integer overflows when processing certain tags within Tiff images.
This problem could be exploited to cause heap-based buffer overflows, possibly by tricking a user into opening a specially crafted document.
Successful exploitation could allow the execution of arbitrary code and compromise a user's system, according to Secunia, which rated the vulnerability as 'highly critical'.
The vulnerabilities are reported in versions earlier than OpenOffice 2.3 and the problem can be fixed by upgrading to the latest version of the software.
Red Hat has updated its OpenOffice packages to correct the security issue in Red Hat Enterprise Linux versions 3, 4 and 5.
OpenOffice is a free office productivity suite that includes a word processor, spreadsheet, presentation manager, formula editor and drawing program.
OpenOffice hit by 'highly critical' flaw
By Matt Chapman on Sep 19, 2007 1:49PM