Jeff Mitchell

**Name of the Vulnerable Software and Affected Versions** Calligra versions 2.4.3 and earlier **Description** A heap-based buffer overflow issue exists in the read function in filters/words/msword-odf/wv2/src/styles.cpp, which is part of the Microsoft import filter. This allows remote attackers to cause a denial of service, resulting in an application crash, and possibly execute arbitrary code via a crafted ODF style in an ODF document. **Recommendations** For Calligra versions 2.4.3 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** OpenPAM versions prior to r478 **Description** A directory traversal issue exists, allowing local users to load arbitrary DSOs and gain privileges via a .. (dot dot) in the `service name` argument to the `pam start()` function. This can be demonstrated by using a .. in the -c option to `kcheckpass`. **Recommendations** For OpenPAM versions prior to r478, update to version r478 or later to resolve the issue. As a temporary workaround, consider restricting access to the `pam start()` function to minimize the risk of exploitation. Avoid using the `service name` argument with untrusted input in the `pam start()` function until the issue is resolved.