openoffice.org: EMF files parsing EMR_BITBLT record heap overflows
Integer overflow in OpenOffice.org before 2.4 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via an EMF file with a crafted EMRSTRETCHBLT record, which triggers a heap-based buffer overflow...