LibreOffice users ought to update their software: a security hole has been discovered in the code used to import Microsoft Word documents into the open-source productivity suite. The latest version of the software contains a fix for the problem.
A memory corruption-related vulnerability in the import code creates a possible mechanism for virus writers to inject hostile code into vulnerable systems, developers at The Document Foundation warn. The bug was discovered by RedHat security researcher Huzaifa Sidhpurwala and fixed with version 3.4.3 of the package.
LibreOffice 3.4.3 also addresses lesser security problems involving loading Windows Metafile (.wmf) and Windows Enhanced Metafile (.emf) images into documents.
An advisory from LibreOffice on the vulnerability can be found here. ®