reproducible kpresenter crash
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
koffice | Invalid | High | |
koffice (Ubuntu) | Fix Released | Undecided | Kees Cook |
Bug Description
Binary package hint: ark
Here is how to reproduce this bug:
1. Download this file:
http://
2. Open it in ark
3. Click on the PPT file in the archive
This could be a security vulnerability that might be exploited with a malicious ZIP archive.
Here is a backtrace:
Using host libthread_db library "/lib/tls/
[Thread debugging using libthread_db enabled]
[New Thread -1232533840 (LWP 10857)]
[KCrash handler]
#6 0xb7cdf37c in memcpy () from /lib/tls/
#7 0xb5322c3a in KLaola:
from /usr/lib/
#8 0xb53252a2 in KLaola::KLaola () from /usr/lib/
#9 0xb531fa10 in OLEFilter::convert () from /usr/lib/
#10 0xb5c390aa in KoFilterChain:
from /usr/lib/
#11 0xb5c391ff in KoFilterChain:
from /usr/lib/
#12 0xb5c4034e in KoFilterManager
#13 0xb5c41193 in KoDocument:
#14 0xb7ee28de in KParts:
url=
#15 0xb5c1bd16 in KoDocument::openURL () from /usr/lib/
#16 0xb6673ea4 in ArkViewer::view (this=0x8221890, filename=
at /build/
#17 0xb66795ff in ArkWidget:
success=true) at /build/
#18 0xb668f7d7 in ArkWidget:
at ./arkwidget.moc:531
#19 0xb721e957 in QObject:
#20 0xb721ecb1 in QObject:
#21 0xb665fd9e in Arch::sigExtract (this=0x81fb958, t0=true) at ./arch.moc:199
#22 0xb6669d34 in Arch::slotExtra
at /build/
#23 0xb666a422 in Arch::qt_invoke (this=0x81fb958, _id=3, _o=0xbfa15df4)
at ./arch.moc:225
#24 0xb666a75b in ZipArch::qt_invoke (this=0x81fb958, _id=3, _o=0xbfa15df4)
at ./zip.moc:77
#25 0xb721e957 in QObject:
#26 0xb77db6fe in KProcess:
at ./kprocess.moc:137
#27 0xb77db92f in KProcess:
at /build/
#28 0xb77d648f in KProcessControl
at /build/
#29 0xb77d65b2 in KProcessControl
_o=0xbfa15f78) at ./kprocctrl.moc:82
#30 0xb721e957 in QObject:
#31 0xb721f26e in QObject:
#32 0xb75abcdb in QSocketNotifier
#33 0xb7241516 in QSocketNotifier
#34 0xb71b5b88 in QApplication:
#35 0xb71b79b7 in QApplication:
#36 0xb78abdb2 in KApplication:
event=
at /build/
#37 0xb7148389 in QApplication:
#38 0xb71a7f81 in QEventLoop:
from /usr/lib/
#39 0xb715cea7 in QEventLoop:
#40 0xb71d025e in QEventLoop:
#41 0xb71d006e in QEventLoop::exec () from /usr/lib/
#42 0xb71b7731 in QApplication::exec () from /usr/lib/
#43 0xb67de49f in kdemain (argc=8, argv=0x80bba40)
at /build/
#44 0xb7f06524 in kdeinitmain (argc=8, argv=0x80bba40) at ark_dummy.cpp:3
#45 0x0804e4df in launch (argc=8, _name=0x80c6884 "ark", args=0x80c68d7 "",
cwd=0x0, envc=1, envs=0x80c68e8 "", reset_env=false, tty=0x0,
avoid_
startup_
at /build/
#46 0x0804ed6a in handle_
at /build/
#47 0x0804f118 in handle_requests (waitForPid=0)
at /build/
#48 0x080503ac in main (argc=5, argv=0xbfa16c14, envp=0xbfa16c2c)
at /build/
#49 0xb7c868cc in __libc_start_main () from /lib/tls/
#50 0x0804b971 in _start ()
Changed in koffice: status: Unknown → Unconfirmed
Changed in koffice: status: New → Unknown
Changed in koffice: importance: Unknown → High; status: Unknown → Incomplete
Changed in koffice: status: Incomplete → Invalid
Version: 1.2.1 (using KDE KDE 3.1.3)
Installed from: RedHat RPMs
Compiler: gcc 3.2.2
OS: Linux
When opening a 36MB .ppt document (probably created
at the University of Helsinki by a teacher with MS PowerPoint),
kpresenter crashes and produces this note:
The application KPresenter (kpresenter) crashed and caused the signal 11
(SIGSEGV).
Due to the large size of the ppt file I can't upload it to the www,
but I can send it somehow (put it on my local www site)
for a short period of time if asked <email address hidden>
Another, 182k .ppt document, opens just fine.
The large document opens very slowly in OpenOffice (Linux) and finally
crashes it too, when OO has allocated approx. 250MB of RAM.
Using MS PowerPoint, the document opens in just seconds (!),
and using the Windows version of OpenOffice it opens very slowly
but finally succeeds.
-- Backtrace --
(no debugging symbols found)...
[New Thread 16384 (LWP 1675)]
0x41070567 in waitpid () from /lib/i686/
#0 0x41070567 in waitpid () from /lib/i686/
#1 0x407886ed in KCrash:
from /usr/lib/
#2 0x4106f...