ID CVE-2009-2950
Summary Heap-based buffer overflow in the GIFLZWDecompressor::GIFLZWDecompressor function in filter.vcl/lgif/decode.cxx in OpenOffice.org (OOo) before 3.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted GIF file, related to LZW decompression.
References
Vulnerable Configurations
  • Sun Microsystems OpenOffice.org 3.1.1
    cpe:2.3:a:sun:openoffice.org:3.1.1
  • Sun Microsystems OpenOffice.org 3.1.0
    cpe:2.3:a:sun:openoffice.org:3.1.0
  • Sun Microsystems OpenOffice.org 3.0.1
    cpe:2.3:a:sun:openoffice.org:3.0.1
  • Sun Microsystems OpenOffice.org 3.0.0
    cpe:2.3:a:sun:openoffice.org:3.0.0
  • Sun Microsystems OpenOffice.org 2.4.1
    cpe:2.3:a:sun:openoffice.org:2.4.1
  • Sun Microsystems OpenOffice.org 2.4.0
    cpe:2.3:a:sun:openoffice.org:2.4.0
  • Sun Microsystems OpenOffice.org 2.1.0
    cpe:2.3:a:sun:openoffice.org:2.1.0
  • Sun Microsystems OpenOffice.org 1.1.0
    cpe:2.3:a:sun:openoffice.org:1.1.0
  • Sun Microsystems OpenOffice.org 2.4.2
    cpe:2.3:a:sun:openoffice.org:2.4.2
  • cpe:2.3:a:sun:openoffice.org:2.4.3
    cpe:2.3:a:sun:openoffice.org:2.4.3
  • Sun Microsystems OpenOffice.org 2.3.0
    cpe:2.3:a:sun:openoffice.org:2.3.0
  • cpe:2.3:a:sun:openoffice.org:2.3.1
    cpe:2.3:a:sun:openoffice.org:2.3.1
  • Sun Microsystems OpenOffice.org 2.2.0
    cpe:2.3:a:sun:openoffice.org:2.2.0
  • cpe:2.3:a:sun:openoffice.org:2.2.1
    cpe:2.3:a:sun:openoffice.org:2.2.1
  • Sun Microsystems OpenOffice.org 2.0.0
    cpe:2.3:a:sun:openoffice.org:2.0.0
  • cpe:2.3:a:sun:openoffice.org:2.0.3
    cpe:2.3:a:sun:openoffice.org:2.0.3
CVSS
Base: 9.3 (as of 17-02-2010 - 10:20)
Impact:
Exploitability:
CWE CWE-119
CAPEC
  • Buffer Overflow via Environment Variables
    This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
  • Overflow Buffers
    Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
  • Client-side Injection-induced Buffer Overflow
    This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
  • Filter Failure through Buffer Overflow
    In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
  • MIME Conversion
    An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.
  • Overflow Binary Resource File
    An attack of this type exploits a buffer overflow vulnerability in the handling of binary resources. Binary resources may include music files like MP3, image files like JPEG files, and any other binary file. These attacks may pass unnoticed to the client machine through normal usage of files, such as a browser loading a seemingly innocent JPEG file. This can allow the attacker access to the execution stack and execute arbitrary code in the target process. This attack pattern is a variant of standard buffer overflow attacks using an unexpected vector (binary files) to wrap its attack and open up a new attack vector. The attacker is required to either directly serve the binary content to the victim, or place it in a locale like a MP3 sharing application, for the victim to download. The attacker then is notified upon the download or otherwise locates the vulnerability opened up by the buffer overflow.
  • Buffer Overflow via Symbolic Links
    This type of attack leverages the use of symbolic links to cause buffer overflows. An attacker can try to create or manipulate a symbolic link file such that its contents result in out of bounds data. When the target software processes the symbolic link file, it could potentially overflow internal buffers with insufficient bounds checking.
  • Overflow Variables and Tags
    This type of attack leverages the use of tags or variables from a formatted configuration data to cause buffer overflow. The attacker crafts a malicious HTML page or configuration file that includes oversized strings, thus causing an overflow.
  • Buffer Overflow via Parameter Expansion
    In this attack, the target software is given input that the attacker knows will be modified and expanded in size during processing. This attack relies on the target software failing to anticipate that the expanded data may exceed some internal limit, thereby creating a buffer overflow.
  • Buffer Overflow in an API Call
    This attack targets libraries or shared code modules which are vulnerable to buffer overflow attacks. An attacker who has access to an API may try to embed malicious code in the API function call and exploit a buffer overflow vulnerability in the function's implementation. All clients that make use of the code library thus become vulnerable by association. This has a very broad effect on security across a system, usually affecting more than one software process.
  • Buffer Overflow in Local Command-Line Utilities
    This attack targets command-line utilities available in a number of shells. An attacker can leverage a vulnerability found in a command-line utility to escalate privilege to root.
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
nessus via4
  • NASL family Windows
    NASL id OPENOFFICE_32.NASL
    description The version of Sun Microsystems OpenOffice.org installed on the remote host is prior to version 3.2. It is, therefore, affected by several issues : - Signatures may not be handled properly due to a vulnerability in the libxml2 library. (CVE-2006-4339) - There is an HMAC truncation authentication bypass vulnerability in the libxmlsec library. (CVE-2009-0217) - The application is bundled with a vulnerable version of the Microsoft VC++ runtime. (CVE-2009-2493) - Specially crafted XPM files are not processed properly, which could lead to arbitrary code execution. (CVE-2009-2949) - Specially crafted GIF files are not processed properly, which could lead to arbitrary code execution. (CVE-2009-2950) - Specially crafted Microsoft Word documents are not processed properly, which could lead to arbitrary code execution. (CVE-2009-3301 / CVE-2009-3302)
    last seen 2019-02-21
    modified 2018-07-16
    plugin id 44597
    published 2010-02-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=44597
    title Sun OpenOffice.org < 3.2 Multiple Vulnerabilities
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2010-221.NASL
    description Multiple vulnerabilities was discovered and corrected in the OpenOffice.org : Integer overflow allows remote attackers to execute arbitrary code via a crafted XPM file that triggers a heap-based buffer overflow (CVE-2009-2949). Heap-based buffer overflow allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted GIF file, related to LZW decompression (CVE-2009-2950). Integer underflow allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted sprmTDefTable table property modifier in a Word document (CVE-2009-3301). boundary error flaw allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted sprmTSetBrc table property modifier in a Word document (CVE-2009-3302). Lack of properly enforcing Visual Basic for Applications (VBA) macro security settings, which allows remote attackers to run arbitrary macros via a crafted document (CVE-2010-0136). User-assisted remote attackers are able to bypass Python macro security restrictions and execute arbitrary Python code via a crafted OpenDocument Text (ODT) file that triggers code execution when the macro directory structure is previewed (CVE-2010-0395). Impress module does not properly handle integer values associated with dictionary property items, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PowerPoint document that triggers a heap-based buffer overflow, related to an integer truncation error (CVE-2010-2935). Integer overflow in the Impress allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted polygons in a PowerPoint document that triggers a heap-based buffer overflow (CVE-2010-2936). Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=4 90 This update provides OpenOffice.org packages have been patched to correct these issues and additional dependent packages.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 50503
    published 2010-11-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=50503
    title Mandriva Linux Security Advisory : openoffice.org (MDVSA-2010:221)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201408-19.NASL
    description The remote host is affected by the vulnerability described in GLSA-201408-19 (OpenOffice, LibreOffice: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in OpenOffice and Libreoffice. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to open a specially crafted file using OpenOffice, possibly resulting in execution of arbitrary code with the privileges of the process, a Denial of Service condition, execution of arbitrary Python code, authentication bypass, or reading and writing of arbitrary files. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 77467
    published 2014-09-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=77467
    title GLSA-201408-19 : OpenOffice, LibreOffice: Multiple vulnerabilities
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_C97D7A37223311DF96DD001B2134EF46.NASL
    description OpenOffice.org Security Team reports : Fixed in OpenOffice.org 3.2 CVE-2006-4339: Potential vulnerability from 3rd party libxml2 libraries CVE-2009-0217: Potential vulnerability from 3rd party libxmlsec libraries CVE-2009-2493: OpenOffice.org 3 for Windows bundles a vulnerable version of MSVC Runtime CVE-2009-2949: Potential vulnerability related to XPM file processing CVE-2009-2950: Potential vulnerability related to GIF file processing CVE-2009-3301/2: Potential vulnerability related to MS-Word document processing
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 44922
    published 2010-03-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=44922
    title FreeBSD : openoffice.org -- multiple vulnerabilities (c97d7a37-2233-11df-96dd-001b2134ef46)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2010-0101.NASL
    description Updated openoffice.org packages that correct multiple security issues are now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. OpenOffice.org is an office productivity suite that includes desktop applications, such as a word processor, spreadsheet application, presentation manager, formula editor, and a drawing program. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way OpenOffice.org parsed XPM files. An attacker could create a specially crafted document, which once opened by a local, unsuspecting user, could lead to arbitrary code execution with the permissions of the user running OpenOffice.org. Note: This flaw affects embedded XPM files in OpenOffice.org documents as well as stand-alone XPM files. (CVE-2009-2949) An integer underflow flaw and a boundary error flaw, both possibly leading to a heap-based buffer overflow, were found in the way OpenOffice.org parsed certain records in Microsoft Word documents. An attacker could create a specially crafted Microsoft Word document, which once opened by a local, unsuspecting user, could cause OpenOffice.org to crash or, potentially, execute arbitrary code with the permissions of the user running OpenOffice.org. (CVE-2009-3301, CVE-2009-3302) A heap-based buffer overflow flaw, leading to memory corruption, was found in the way OpenOffice.org parsed GIF files. An attacker could create a specially crafted document, which once opened by a local, unsuspecting user, could cause OpenOffice.org to crash. Note: This flaw affects embedded GIF files in OpenOffice.org documents as well as stand-alone GIF files. (CVE-2009-2950) All users of OpenOffice.org are advised to upgrade to these updated packages, which contain backported patches to correct these issues. All running instances of OpenOffice.org applications must be restarted for this update to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 44598
    published 2010-02-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=44598
    title CentOS 3 / 4 / 5 : openoffice.org (CESA-2010:0101)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_OPENOFFICE_ORG-100225.NASL
    description This update of OpenOffice_org includes fixes for the following vulnerabilities : - XML signature weakness. (CVE-2009-0217) - XPM Import Integer Overflow. (CVE-2009-2949) - GIF Import Heap Overflow. (CVE-2009-2950) - MS Word sprmTDefTable Memory Corruption. (CVE-2009-3301) - MS Word sprmTDefTable Memory Corruption. (CVE-2009-3302) - In the ooo-build variant of OpenOffice_org VBA Macro support does not honor Macro security settings. (CVE-2010-0136) This also provides the maintenance update to OpenOffice.org-3.2. Details about all upstream changes can be found at http://development.openoffice.org/releases/3.2.0.html
    last seen 2019-02-21
    modified 2016-12-21
    plugin id 51594
    published 2011-01-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=51594
    title SuSE 11 Security Update : OpenOffice_org (SAT Patch Number 2080)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2010-1847.NASL
    description - Fri Feb 12 2010 Caolan McNamara - 1:3.1.1-19.26 - CVE-2009-2950 GIF file parsing heap overflow (caolanm) - CVE-2009-2949 integer overflow in XPM processing (caolanm) - CVE-2009-3301 .doc Table Parsing vulernability (caolanm) - CVE-2009-3302 .doc Table Parsing vulernability (caolanm) - Resolves: rhbz#561778 openoffice.org-3.2.0.oooXXXXX.svx.safestyledelete.patc h - Resolves: rhbz#561989 openoffice.org-3.2.0.ooo109009.sc.tooltipcrash.patch - Resolves: rhbz#445588 improve same name substitution - Tue Feb 2 2010 Caolan McNamara - 1:3.1.1-19.25 - Resolves: rhbz#549890 add workspace.extmgr01.patch (dtardon) - Resolves: rhbz#551983 OpenOffice writer crashes when opening document with link in footnote (dtardon) - Resolves: rhbz#550316 Openoffice.org Impress loses graphics when background color is changed (dtardon) - Resolves: rhbz#554259 No autocorrect files for Lithuanian (dtardon) - Resolves: rhbz#553929 [abrt] crash in ColorConfigCtrl_Impl::ScrollHdl (dtardon) - Resolves: rhbz#549573 improve document compare (caolanm) - Resolves: rbhz#555257 openoffice cannot use JPEG images using CMYK colorspace (dtardon) - Resolves: rhbz#558342 [abrt] crash in SvxNumOptionsTabPage::InitControls (dtardon) - Resolves: ooo#108637/rhbz#558253 sfx2 uisavedir (caolanm) - Resolves: rhbz#560435 rtf dropcap crash (caolanm) - Resolves: rhbz#560996/rhbz#560353 qstartfixes (caolanm) - Tue Dec 22 2009 Caolan McNamara - 1:3.1.1-19.24 - Resolves: rhbz#545824 bustage in writer with emboldened fonts - Fri Dec 18 2009 Caolan McNamara - 1:3.1.1-19.23 - Resolves: rhbz#548512 workspace.ooo32gsl03.patch - Tue Dec 15 2009 Caolan McNamara - 1:3.1.1-19.22 - Resolves: rhbz#529648 add workspace.fwk132.patch - Resolves: rhbz#547176 add openoffice.org-3.2.0.ooo47279.sd.objectsave.safe.patch - Wed Dec 9 2009 Caolan McNamara - 1:3.1.1-19.21 - Resolves: rhbz#544124 add openoffice.org-3.2.0.ooo106502.svx.fixspelltimer.patch - Resolves: rhbz#544218 add openoffice.org-3.2.0.ooo107552.vcl.sft.patch - Resolves: rhbz#545783 add workspace.vcl105.patch - Fri Nov 27 2009 Caolan McNamara - 1:3.1.1-19.20 - Resolves: rhbz#541222 add openoffice.org-3.2.0.ooo107260.dtrans.clipboard.shutdo wn.patch (caolanm) - Mon Nov 23 2009 Caolan McNamara - 1:3.1.1-19.19 - Resolves: rhbz#540379/ooo#107131 impress tabledrag crash - Resolves: rhbz#540231 add openoffice.org-3.2.0.oooXXXXX.canvas.fixcolorspace.pat ch - add openoffice.org-4.2.0.ooo107151.sc.pop-empty-cell.patch (dtardon) - Resolves: rhbz#533538 OpenOffice keyboard shortcuts mis-map in the Spanish localized version of OOo (caolanm) - Tue Nov 17 2009 Caolan McNamara - 1:3.1.1-19.18 - Resolves: ooo#59648 sw .doc export scaling (caolanm) - Tue Nov 10 2009 Caolan McNamara - 1:3.1.1-19.17 - Resolves: rhbz#533841 ooo#105710 svx loadstorenumbering (caolanm) [plus 8 lines in the Changelog] Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 47276
    published 2010-07-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=47276
    title Fedora 12 : openoffice.org-3.1.1-19.26.fc12 (2010-1847)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20100212_OPENOFFICE_ORG_ON_SL5_X.NASL
    description CVE-2009-2950 openoffice.org: GIF file parsing heap overflow CVE-2009-2949 openoffice.org: integer overflow in XPM processing CVE-2009-3301 OpenOffice.org Word sprmTDefTable Memory Corruption CVE-2009-3302 OpenOffice.org Word sprmTSetBrc Memory Corruption An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way OpenOffice.org parsed XPM files. An attacker could create a specially crafted document, which once opened by a local, unsuspecting user, could lead to arbitrary code execution with the permissions of the user running OpenOffice.org. Note: This flaw affects embedded XPM files in OpenOffice.org documents as well as stand-alone XPM files. (CVE-2009-2949) An integer underflow flaw and a boundary error flaw, both possibly leading to a heap-based buffer overflow, were found in the way OpenOffice.org parsed certain records in Microsoft Word documents. An attacker could create a specially crafted Microsoft Word document, which once opened by a local, unsuspecting user, could cause OpenOffice.org to crash or, potentially, execute arbitrary code with the permissions of the user running OpenOffice.org. (CVE-2009-3301, CVE-2009-3302) A heap-based buffer overflow flaw, leading to memory corruption, was found in the way OpenOffice.org parsed GIF files. An attacker could create a specially crafted document, which once opened by a local, unsuspecting user, could cause OpenOffice.org to crash. Note: This flaw affects embedded GIF files in OpenOffice.org documents as well as stand-alone GIF files. (CVE-2009-2950) All running instances of OpenOffice.org applications must be restarted for this update to take effect.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 60733
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60733
    title Scientific Linux Security Update : openoffice.org on SL5.x i386/x86_64
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20100212_OPENOFFICE_ORG_ON_SL4_X.NASL
    description CVE-2009-2950 openoffice.org: GIF file parsing heap overflow CVE-2009-2949 openoffice.org: integer overflow in XPM processing CVE-2009-3301 OpenOffice.org Word sprmTDefTable Memory Corruption CVE-2009-3302 OpenOffice.org Word sprmTSetBrc Memory Corruption An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way OpenOffice.org parsed XPM files. An attacker could create a specially crafted document, which once opened by a local, unsuspecting user, could lead to arbitrary code execution with the permissions of the user running OpenOffice.org. Note: This flaw affects embedded XPM files in OpenOffice.org documents as well as stand-alone XPM files. (CVE-2009-2949) An integer underflow flaw and a boundary error flaw, both possibly leading to a heap-based buffer overflow, were found in the way OpenOffice.org parsed certain records in Microsoft Word documents. An attacker could create a specially crafted Microsoft Word document, which once opened by a local, unsuspecting user, could cause OpenOffice.org to crash or, potentially, execute arbitrary code with the permissions of the user running OpenOffice.org. (CVE-2009-3301, CVE-2009-3302) A heap-based buffer overflow flaw, leading to memory corruption, was found in the way OpenOffice.org parsed GIF files. An attacker could create a specially crafted document, which once opened by a local, unsuspecting user, could cause OpenOffice.org to crash. Note: This flaw affects embedded GIF files in OpenOffice.org documents as well as stand-alone GIF files. (CVE-2009-2950) All running instances of OpenOffice.org applications must be restarted for this update to take effect.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 60732
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60732
    title Scientific Linux Security Update : openoffice.org on SL4.x i386/x86_64
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_2_OPENOFFICE_ORG-BASE-DRIVERS-POSTGRESQL-100216.NASL
    description This update of OpenOffice_org includes fixes for the following vulnerabilities : - CVE-2009-0217: XML signature weakness - CVE-2009-2949: XPM Import Integer Overflow - CVE-2009-2950: GIF Import Heap Overflow - CVE-2009-3301: MS Word sprmTDefTable Memory Corruption - CVE-2009-3302: MS Word sprmTDefTable Memory Corruption - CVE-2010-0136: In the ooo-build variant of OpenOffice_org VBA Macro support does not honor Macro security settings.
    last seen 2019-02-21
    modified 2016-12-21
    plugin id 45075
    published 2010-03-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=45075
    title openSUSE Security Update : OpenOffice_org-base-drivers-postgresql (OpenOffice_org-base-drivers-postgresql-1980)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2010-0101.NASL
    description From Red Hat Security Advisory 2010:0101 : Updated openoffice.org packages that correct multiple security issues are now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. OpenOffice.org is an office productivity suite that includes desktop applications, such as a word processor, spreadsheet application, presentation manager, formula editor, and a drawing program. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way OpenOffice.org parsed XPM files. An attacker could create a specially crafted document, which once opened by a local, unsuspecting user, could lead to arbitrary code execution with the permissions of the user running OpenOffice.org. Note: This flaw affects embedded XPM files in OpenOffice.org documents as well as stand-alone XPM files. (CVE-2009-2949) An integer underflow flaw and a boundary error flaw, both possibly leading to a heap-based buffer overflow, were found in the way OpenOffice.org parsed certain records in Microsoft Word documents. An attacker could create a specially crafted Microsoft Word document, which once opened by a local, unsuspecting user, could cause OpenOffice.org to crash or, potentially, execute arbitrary code with the permissions of the user running OpenOffice.org. (CVE-2009-3301, CVE-2009-3302) A heap-based buffer overflow flaw, leading to memory corruption, was found in the way OpenOffice.org parsed GIF files. An attacker could create a specially crafted document, which once opened by a local, unsuspecting user, could cause OpenOffice.org to crash. Note: This flaw affects embedded GIF files in OpenOffice.org documents as well as stand-alone GIF files. (CVE-2009-2950) All users of OpenOffice.org are advised to upgrade to these updated packages, which contain backported patches to correct these issues. All running instances of OpenOffice.org applications must be restarted for this update to take effect.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 67995
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67995
    title Oracle Linux 3 / 4 : openoffice.org (ELSA-2010-0101)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_1_OPENOFFICE_ORG-BASE-DRIVERS-POSTGRESQL-100211.NASL
    description This update of OpenOffice_org includes fixes for the following vulnerabilities : - CVE-2009-0217: XML signature weakness - CVE-2009-2949: XPM Import Integer Overflow - CVE-2009-2950: GIF Import Heap Overflow - CVE-2009-3301: MS Word sprmTDefTable Memory Corruption - CVE-2009-3302: MS Word sprmTDefTable Memory Corruption - CVE-2010-0136: In the ooo-build variant of OpenOffice_org VBA Macro support does not honor Macro security settings.
    last seen 2019-02-21
    modified 2016-12-21
    plugin id 45073
    published 2010-03-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=45073
    title openSUSE Security Update : OpenOffice_org-base-drivers-postgresql (OpenOffice_org-base-drivers-postgresql-1981)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2010-0101.NASL
    description Updated openoffice.org packages that correct multiple security issues are now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. OpenOffice.org is an office productivity suite that includes desktop applications, such as a word processor, spreadsheet application, presentation manager, formula editor, and a drawing program. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way OpenOffice.org parsed XPM files. An attacker could create a specially crafted document, which once opened by a local, unsuspecting user, could lead to arbitrary code execution with the permissions of the user running OpenOffice.org. Note: This flaw affects embedded XPM files in OpenOffice.org documents as well as stand-alone XPM files. (CVE-2009-2949) An integer underflow flaw and a boundary error flaw, both possibly leading to a heap-based buffer overflow, were found in the way OpenOffice.org parsed certain records in Microsoft Word documents. An attacker could create a specially crafted Microsoft Word document, which once opened by a local, unsuspecting user, could cause OpenOffice.org to crash or, potentially, execute arbitrary code with the permissions of the user running OpenOffice.org. (CVE-2009-3301, CVE-2009-3302) A heap-based buffer overflow flaw, leading to memory corruption, was found in the way OpenOffice.org parsed GIF files. An attacker could create a specially crafted document, which once opened by a local, unsuspecting user, could cause OpenOffice.org to crash. Note: This flaw affects embedded GIF files in OpenOffice.org documents as well as stand-alone GIF files. (CVE-2009-2950) All users of OpenOffice.org are advised to upgrade to these updated packages, which contain backported patches to correct these issues. All running instances of OpenOffice.org applications must be restarted for this update to take effect.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 44605
    published 2010-02-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=44605
    title RHEL 3 / 4 / 5 : openoffice.org (RHSA-2010:0101)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20100212_OPENOFFICE_ORG_ON_SL3_X.NASL
    description CVE-2009-2950 openoffice.org: GIF file parsing heap overflow CVE-2009-2949 openoffice.org: integer overflow in XPM processing CVE-2009-3301 OpenOffice.org Word sprmTDefTable Memory Corruption CVE-2009-3302 OpenOffice.org Word sprmTSetBrc Memory Corruption An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way OpenOffice.org parsed XPM files. An attacker could create a specially crafted document, which once opened by a local, unsuspecting user, could lead to arbitrary code execution with the permissions of the user running OpenOffice.org. Note: This flaw affects embedded XPM files in OpenOffice.org documents as well as stand-alone XPM files. (CVE-2009-2949) An integer underflow flaw and a boundary error flaw, both possibly leading to a heap-based buffer overflow, were found in the way OpenOffice.org parsed certain records in Microsoft Word documents. An attacker could create a specially crafted Microsoft Word document, which once opened by a local, unsuspecting user, could cause OpenOffice.org to crash or, potentially, execute arbitrary code with the permissions of the user running OpenOffice.org. (CVE-2009-3301, CVE-2009-3302) A heap-based buffer overflow flaw, leading to memory corruption, was found in the way OpenOffice.org parsed GIF files. An attacker could create a specially crafted document, which once opened by a local, unsuspecting user, could cause OpenOffice.org to crash. Note: This flaw affects embedded GIF files in OpenOffice.org documents as well as stand-alone GIF files. (CVE-2009-2950) All running instances of OpenOffice.org applications must be restarted for this update to take effect.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 60731
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60731
    title Scientific Linux Security Update : openoffice.org on SL3.x i386/x86_64
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2010-1941.NASL
    description - Fri Feb 12 2010 Caolan McNamara - 1:3.1.1-19.12 - CVE-2009-2950 GIF file parsing heap overflow (caolanm) - CVE-2009-2949 integer overflow in XPM processing (caolanm) - CVE-2009-3301 .doc Table Parsing vulernability (caolanm) - CVE-2009-3302 .doc Table Parsing vulernability (caolanm) - Resolves: rhbz#549890 add workspace.extmgr01.patch (dtardon) - Resolves: rhbz#551983 OpenOffice writer crashes when opening document with link in footnote (dtardon) - Resolves: rhbz#550316 Openoffice.org Impress loses graphics when background color is changed (dtardon) - Resolves: rhbz#553929 [abrt] crash in ColorConfigCtrl_Impl::ScrollHdl (dtardon) - Resolves: rbhz#555257 openoffice cannot use JPEG images using CMYK colorspace (dtardon) - Resolves: rhbz#558342 [abrt] crash in SvxNumOptionsTabPage::InitControls (dtardon) - Tue Dec 15 2009 Caolan McNamara - 1:3.1.1-19.11 - Resolves: rhbz#529648 add workspace.fwk132.patch - Wed Dec 9 2009 Caolan McNamara - 1:3.1.1-19.10 - Resolves: rhbz#545783 add workspace.vcl105.patch (caolanm) - Wed Dec 9 2009 Caolan McNamara - 1:3.1.1-19.9 - add openoffice.org-4.2.0.ooo107151.sc.pop-empty-cell.patch (dtardon) - Resolves: rhbz#533538 OpenOffice keyboard shortcuts mis-map in the Spanish localized version of OOo (caolanm) - Tue Nov 10 2009 Caolan McNamara - 1:3.1.1-19.8 - Resolves: rhbz#533841 ooo#105710 svx loadstorenumbering (caolanm) - Thu Nov 5 2009 Caolan McNamara - 1:3.1.1-19.7 - Resolves: ooo#106523 fix pdf/A export on x86_64 (caolanm) - Thu Nov 5 2009 Caolan McNamara - 1:3.1.1-19.6 - Resolves: rhbz#533146 calc notes go missing on save - Wed Oct 28 2009 Caolan McNamara - 1:3.1.1-19.5 - Resolves: rhbz#531554 add workspace.chart41.patch - Wed Oct 21 2009 Caolan McNamara - 1:3.1.1-19.4 - Resolves: rhbz#522839 crash on exit after loading .doc - Resolves: rhbz#529746 crash on exit after loading .ppt - Mon Sep 7 2009 Caolan McNamara - 1:3.1.1-19.3 - Resolves: rhbz#521460 - wrong UI label for A3/A5 page sizes in translations - Wed Sep 2 2009 Caolan McNamara - 1:3.1.1-19.2 - Resolves: rhbz#520772 copy/paste cockup - Fri Aug 28 2009 Caolan McNamara - 1:3.1.1-19.1 - update to 3.1.1 - Resolves: rhbz#512355 add openoffice.org-3.1.0.ooo103651.canvas.nosubpixel.patc - add workspace.os132.patch to avoid switch html view overwrite horror - Resolves: rhbz#517843 add openoffice.org-3.1.1.ooo104306.moverecentlyused.patch - Resolves: rhbz#514683 add openoffice.org-3.1.1.ooo104329.dbaccess.primarykeys.pa tch - Resolves: rbhz#501141 Images and Frames disappear in sequential printing - backport workspace.vcl102.patch to fix xdg support - add workspace.cmcfixes62.patch for 64bit odbc goodness and rebuild against now 64bit-safe unixODBC headers - Thu Jul 9 2009 Caolan McNamara - 1:3.1.0-11.5 [plus 13 lines in the Changelog] Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 47289
    published 2010-07-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=47289
    title Fedora 11 : openoffice.org-3.1.1-19.12.fc11 (2010-1941)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_OPENOFFICE_ORG-6884.NASL
    description This update of OpenOffice_org includes fixes for the following vulnerabilities : - XML signature weakness CVE-2009-2949: XPM Import Integer Overflow CVE-2009-2950: GIF Import Heap Overflow CVE-2009-3301: MS Word sprmTDefTable Memory Corruption CVE-2009-3302: MS Word sprmTDefTable Memory Corruption CVE-2010-0136: In the ooo-build variant of OpenOffice_org VBA Macro support does not honor Macro security settings. (CVE-2009-0217) This also provides the maintenance update to OpenOffice.org-3.2.
    last seen 2019-02-21
    modified 2016-12-22
    plugin id 51685
    published 2011-01-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=51685
    title SuSE 10 Security Update : OpenOffice_org (ZYPP Patch Number 6884)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_OPENOFFICE_ORG-100226.NASL
    description This update of OpenOffice_org includes fixes for the following vulnerabilities : - XML signature weakness. (CVE-2009-0217) - XPM Import Integer Overflow. (CVE-2009-2949) - GIF Import Heap Overflow. (CVE-2009-2950) - MS Word sprmTDefTable Memory Corruption. (CVE-2009-3301) - MS Word sprmTDefTable Memory Corruption. (CVE-2009-3302) - In the ooo-build variant of OpenOffice_org VBA Macro support does not honor Macro security settings. (CVE-2010-0136) This also provides the maintenance update to OpenOffice.org-3.2. Details about all upstream changes can be found at http://development.openoffice.org/releases/3.2.0.html
    last seen 2019-02-21
    modified 2016-12-21
    plugin id 45064
    published 2010-03-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=45064
    title SuSE 11 Security Update : OpenOffice_org (SAT Patch Number 2080)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-903-1.NASL
    description It was discovered that the XML HMAC signature system did not correctly check certain lengths. If an attacker sent a truncated HMAC, it could bypass authentication, leading to potential privilege escalation. (CVE-2009-0217) Sebastian Apelt and Frank Reissner discovered that OpenOffice did not correctly import XPM and GIF images. If a user were tricked into opening a specially crafted image, an attacker could execute arbitrary code with user privileges. (CVE-2009-2949, CVE-2009-2950) Nicolas Joly discovered that OpenOffice did not correctly handle certain Word documents. If a user were tricked into opening a specially crafted document, an attacker could execute arbitrary code with user privileges. (CVE-2009-3301, CVE-2009-3302) It was discovered that OpenOffice did not correctly handle certain VBA macros correctly. If a user were tricked into opening a specially crafted document, an attacker could execute arbitrary macro commands, bypassing security controls. (CVE-2010-0136). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 44912
    published 2010-02-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=44912
    title Ubuntu 8.04 LTS / 8.10 / 9.04 / 9.10 : openoffice.org vulnerabilities (USN-903-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_0_OPENOFFICE_ORG-100211.NASL
    description This update of OpenOffice_org includes fixes for the following vulnerabilities : - CVE-2009-0217: XML signature weakness - CVE-2009-2949: XPM Import Integer Overflow - CVE-2009-2950: GIF Import Heap Overflow - CVE-2009-3301: MS Word sprmTDefTable Memory Corruption - CVE-2009-3302: MS Word sprmTDefTable Memory Corruption - CVE-2010-0136: In the ooo-build variant of OpenOffice_org VBA Macro support does not honor Macro security settings.
    last seen 2019-02-21
    modified 2016-12-21
    plugin id 45071
    published 2010-03-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=45071
    title openSUSE Security Update : OpenOffice_org (OpenOffice_org-1979)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1995.NASL
    description Several vulnerabilities have been discovered in the OpenOffice.org office suite. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2010-0136 It was discovered that macro security settings were insufficiently enforced for VBA macros. - CVE-2009-0217 It was discovered that the W3C XML Signature recommendation contains a protocol-level vulnerability related to HMAC output truncation. This also affects the integrated libxmlsec library. - CVE-2009-2949 Sebastian Apelt discovered that an integer overflow in the XPM import code may lead to the execution of arbitrary code. - CVE-2009-2950 Sebastian Apelt and Frank Reissner discovered that a buffer overflow in the GIF import code may lead to the execution of arbitrary code. - CVE-2009-3301/ CVE-2009-3302 Nicolas Joly discovered multiple vulnerabilities in the parser for Word document files, which may lead to the execution of arbitrary code.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 44859
    published 2010-02-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=44859
    title Debian DSA-1995-1 : openoffice.org - several vulnerabilities
  • NASL family SuSE Local Security Checks
    NASL id SUSE_OPENOFFICE_ORG-6883.NASL
    description This update of OpenOffice_org includes fixes for the following vulnerabilities : - XML signature weakness CVE-2009-2949: XPM Import Integer Overflow CVE-2009-2950: GIF Import Heap Overflow CVE-2009-3301: MS Word sprmTDefTable Memory Corruption CVE-2009-3302: MS Word sprmTDefTable Memory Corruption CVE-2010-0136: In the ooo-build variant of OpenOffice_org VBA Macro support does not honor Macro security settings. (CVE-2009-0217) This also provides the maintenance update to OpenOffice.org-3.2.
    last seen 2019-02-21
    modified 2016-12-22
    plugin id 51684
    published 2011-01-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=51684
    title SuSE 10 Security Update : OpenOffice_org (ZYPP Patch Number 6883)
oval via4
accepted 2013-04-29T04:11:05.197-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 3
    oval oval:org.mitre.oval:def:11782
  • comment CentOS Linux 3.x
    oval oval:org.mitre.oval:def:16651
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
  • comment CentOS Linux 4.x
    oval oval:org.mitre.oval:def:16636
  • comment Oracle Linux 4.x
    oval oval:org.mitre.oval:def:15990
  • comment The operating system installed on the system is Red Hat Enterprise Linux 5
    oval oval:org.mitre.oval:def:11414
  • comment The operating system installed on the system is CentOS Linux 5.x
    oval oval:org.mitre.oval:def:15802
  • comment Oracle Linux 5.x
    oval oval:org.mitre.oval:def:15459
description Heap-based buffer overflow in the GIFLZWDecompressor::GIFLZWDecompressor function in filter.vcl/lgif/decode.cxx in OpenOffice.org (OOo) before 3.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted GIF file, related to LZW decompression.
family unix
id oval:org.mitre.oval:def:11050
status accepted
submitted 2010-07-09T03:56:16-04:00
title Heap-based buffer overflow in the GIFLZWDecompressor::GIFLZWDecompressor function in filter.vcl/lgif/decode.cxx in OpenOffice.org (OOo) before 3.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted GIF file, related to LZW decompression.
version 24
redhat via4
advisories
rhsa
id RHSA-2010:0101
rpms
  • openoffice.org-0:1.1.2-46.2.0.EL3
  • openoffice.org-i18n-0:1.1.2-46.2.0.EL3
  • openoffice.org-libs-0:1.1.2-46.2.0.EL3
  • openoffice.org-0:1.1.5-10.6.0.7.EL4.3
  • openoffice.org-i18n-0:1.1.5-10.6.0.7.EL4.3
  • openoffice.org-kde-0:1.1.5-10.6.0.7.EL4.3
  • openoffice.org-libs-0:1.1.5-10.6.0.7.EL4.3
  • openoffice.org2-base-1:2.0.4-5.7.0.6.1.el4_8.3
  • openoffice.org2-calc-1:2.0.4-5.7.0.6.1.el4_8.3
  • openoffice.org2-core-1:2.0.4-5.7.0.6.1.el4_8.3
  • openoffice.org2-draw-1:2.0.4-5.7.0.6.1.el4_8.3
  • openoffice.org2-emailmerge-1:2.0.4-5.7.0.6.1.el4_8.3
  • openoffice.org2-graphicfilter-1:2.0.4-5.7.0.6.1.el4_8.3
  • openoffice.org2-impress-1:2.0.4-5.7.0.6.1.el4_8.3
  • openoffice.org2-javafilter-1:2.0.4-5.7.0.6.1.el4_8.3
  • openoffice.org2-langpack-af_ZA-1:2.0.4-5.7.0.6.1.el4_8.3
  • openoffice.org2-langpack-ar-1:2.0.4-5.7.0.6.1.el4_8.3
  • openoffice.org2-langpack-bg_BG-1:2.0.4-5.7.0.6.1.el4_8.3
  • openoffice.org2-langpack-bn-1:2.0.4-5.7.0.6.1.el4_8.3
  • openoffice.org2-langpack-ca_ES-1:2.0.4-5.7.0.6.1.el4_8.3
  • openoffice.org2-langpack-cs_CZ-1:2.0.4-5.7.0.6.1.el4_8.3
  • openoffice.org2-langpack-cy_GB-1:2.0.4-5.7.0.6.1.el4_8.3
  • openoffice.org2-langpack-da_DK-1:2.0.4-5.7.0.6.1.el4_8.3
  • openoffice.org2-langpack-de-1:2.0.4-5.7.0.6.1.el4_8.3
  • openoffice.org2-langpack-el_GR-1:2.0.4-5.7.0.6.1.el4_8.3
  • openoffice.org2-langpack-es-1:2.0.4-5.7.0.6.1.el4_8.3
  • openoffice.org2-langpack-et_EE-1:2.0.4-5.7.0.6.1.el4_8.3
  • openoffice.org2-langpack-eu_ES-1:2.0.4-5.7.0.6.1.el4_8.3
  • openoffice.org2-langpack-fi_FI-1:2.0.4-5.7.0.6.1.el4_8.3
  • openoffice.org2-langpack-fr-1:2.0.4-5.7.0.6.1.el4_8.3
  • openoffice.org2-langpack-ga_IE-1:2.0.4-5.7.0.6.1.el4_8.3
  • openoffice.org2-langpack-gl_ES-1:2.0.4-5.7.0.6.1.el4_8.3
  • openoffice.org2-langpack-gu_IN-1:2.0.4-5.7.0.6.1.el4_8.3
  • openoffice.org2-langpack-he_IL-1:2.0.4-5.7.0.6.1.el4_8.3
  • openoffice.org2-langpack-hi_IN-1:2.0.4-5.7.0.6.1.el4_8.3
  • openoffice.org2-langpack-hr_HR-1:2.0.4-5.7.0.6.1.el4_8.3
  • openoffice.org2-langpack-hu_HU-1:2.0.4-5.7.0.6.1.el4_8.3
  • openoffice.org2-langpack-it-1:2.0.4-5.7.0.6.1.el4_8.3
  • openoffice.org2-langpack-ja_JP-1:2.0.4-5.7.0.6.1.el4_8.3
  • openoffice.org2-langpack-ko_KR-1:2.0.4-5.7.0.6.1.el4_8.3
  • openoffice.org2-langpack-lt_LT-1:2.0.4-5.7.0.6.1.el4_8.3
  • openoffice.org2-langpack-ms_MY-1:2.0.4-5.7.0.6.1.el4_8.3
  • openoffice.org2-langpack-nb_NO-1:2.0.4-5.7.0.6.1.el4_8.3
  • openoffice.org2-langpack-nl-1:2.0.4-5.7.0.6.1.el4_8.3
  • openoffice.org2-langpack-nn_NO-1:2.0.4-5.7.0.6.1.el4_8.3
  • openoffice.org2-langpack-pa_IN-1:2.0.4-5.7.0.6.1.el4_8.3
  • openoffice.org2-langpack-pl_PL-1:2.0.4-5.7.0.6.1.el4_8.3
  • openoffice.org2-langpack-pt_BR-1:2.0.4-5.7.0.6.1.el4_8.3
  • openoffice.org2-langpack-pt_PT-1:2.0.4-5.7.0.6.1.el4_8.3
  • openoffice.org2-langpack-ru-1:2.0.4-5.7.0.6.1.el4_8.3
  • openoffice.org2-langpack-sk_SK-1:2.0.4-5.7.0.6.1.el4_8.3
  • openoffice.org2-langpack-sl_SI-1:2.0.4-5.7.0.6.1.el4_8.3
  • openoffice.org2-langpack-sr_CS-1:2.0.4-5.7.0.6.1.el4_8.3
  • openoffice.org2-langpack-sv-1:2.0.4-5.7.0.6.1.el4_8.3
  • openoffice.org2-langpack-ta_IN-1:2.0.4-5.7.0.6.1.el4_8.3
  • openoffice.org2-langpack-th_TH-1:2.0.4-5.7.0.6.1.el4_8.3
  • openoffice.org2-langpack-tr_TR-1:2.0.4-5.7.0.6.1.el4_8.3
  • openoffice.org2-langpack-zh_CN-1:2.0.4-5.7.0.6.1.el4_8.3
  • openoffice.org2-langpack-zh_TW-1:2.0.4-5.7.0.6.1.el4_8.3
  • openoffice.org2-langpack-zu_ZA-1:2.0.4-5.7.0.6.1.el4_8.3
  • openoffice.org2-math-1:2.0.4-5.7.0.6.1.el4_8.3
  • openoffice.org2-pyuno-1:2.0.4-5.7.0.6.1.el4_8.3
  • openoffice.org2-testtools-1:2.0.4-5.7.0.6.1.el4_8.3
  • openoffice.org2-writer-1:2.0.4-5.7.0.6.1.el4_8.3
  • openoffice.org2-xsltfilter-1:2.0.4-5.7.0.6.1.el4_8.3
  • openoffice.org-base-1:2.3.0-6.11.el5_4.4
  • openoffice.org-calc-1:2.3.0-6.11.el5_4.4
  • openoffice.org-core-1:2.3.0-6.11.el5_4.4
  • openoffice.org-draw-1:2.3.0-6.11.el5_4.4
  • openoffice.org-emailmerge-1:2.3.0-6.11.el5_4.4
  • openoffice.org-graphicfilter-1:2.3.0-6.11.el5_4.4
  • openoffice.org-headless-1:2.3.0-6.11.el5_4.4
  • openoffice.org-impress-1:2.3.0-6.11.el5_4.4
  • openoffice.org-javafilter-1:2.3.0-6.11.el5_4.4
  • openoffice.org-langpack-af_ZA-1:2.3.0-6.11.el5_4.4
  • openoffice.org-langpack-ar-1:2.3.0-6.11.el5_4.4
  • openoffice.org-langpack-as_IN-1:2.3.0-6.11.el5_4.4
  • openoffice.org-langpack-bg_BG-1:2.3.0-6.11.el5_4.4
  • openoffice.org-langpack-bn-1:2.3.0-6.11.el5_4.4
  • openoffice.org-langpack-ca_ES-1:2.3.0-6.11.el5_4.4
  • openoffice.org-langpack-cs_CZ-1:2.3.0-6.11.el5_4.4
  • openoffice.org-langpack-cy_GB-1:2.3.0-6.11.el5_4.4
  • openoffice.org-langpack-da_DK-1:2.3.0-6.11.el5_4.4
  • openoffice.org-langpack-de-1:2.3.0-6.11.el5_4.4
  • openoffice.org-langpack-el_GR-1:2.3.0-6.11.el5_4.4
  • openoffice.org-langpack-es-1:2.3.0-6.11.el5_4.4
  • openoffice.org-langpack-et_EE-1:2.3.0-6.11.el5_4.4
  • openoffice.org-langpack-eu_ES-1:2.3.0-6.11.el5_4.4
  • openoffice.org-langpack-fi_FI-1:2.3.0-6.11.el5_4.4
  • openoffice.org-langpack-fr-1:2.3.0-6.11.el5_4.4
  • openoffice.org-langpack-ga_IE-1:2.3.0-6.11.el5_4.4
  • openoffice.org-langpack-gl_ES-1:2.3.0-6.11.el5_4.4
  • openoffice.org-langpack-gu_IN-1:2.3.0-6.11.el5_4.4
  • openoffice.org-langpack-he_IL-1:2.3.0-6.11.el5_4.4
  • openoffice.org-langpack-hi_IN-1:2.3.0-6.11.el5_4.4
  • openoffice.org-langpack-hr_HR-1:2.3.0-6.11.el5_4.4
  • openoffice.org-langpack-hu_HU-1:2.3.0-6.11.el5_4.4
  • openoffice.org-langpack-it-1:2.3.0-6.11.el5_4.4
  • openoffice.org-langpack-ja_JP-1:2.3.0-6.11.el5_4.4
  • openoffice.org-langpack-kn_IN-1:2.3.0-6.11.el5_4.4
  • openoffice.org-langpack-ko_KR-1:2.3.0-6.11.el5_4.4
  • openoffice.org-langpack-lt_LT-1:2.3.0-6.11.el5_4.4
  • openoffice.org-langpack-ml_IN-1:2.3.0-6.11.el5_4.4
  • openoffice.org-langpack-mr_IN-1:2.3.0-6.11.el5_4.4
  • openoffice.org-langpack-ms_MY-1:2.3.0-6.11.el5_4.4
  • openoffice.org-langpack-nb_NO-1:2.3.0-6.11.el5_4.4
  • openoffice.org-langpack-nl-1:2.3.0-6.11.el5_4.4
  • openoffice.org-langpack-nn_NO-1:2.3.0-6.11.el5_4.4
  • openoffice.org-langpack-nr_ZA-1:2.3.0-6.11.el5_4.4
  • openoffice.org-langpack-nso_ZA-1:2.3.0-6.11.el5_4.4
  • openoffice.org-langpack-or_IN-1:2.3.0-6.11.el5_4.4
  • openoffice.org-langpack-pa_IN-1:2.3.0-6.11.el5_4.4
  • openoffice.org-langpack-pl_PL-1:2.3.0-6.11.el5_4.4
  • openoffice.org-langpack-pt_BR-1:2.3.0-6.11.el5_4.4
  • openoffice.org-langpack-pt_PT-1:2.3.0-6.11.el5_4.4
  • openoffice.org-langpack-ru-1:2.3.0-6.11.el5_4.4
  • openoffice.org-langpack-sk_SK-1:2.3.0-6.11.el5_4.4
  • openoffice.org-langpack-sl_SI-1:2.3.0-6.11.el5_4.4
  • openoffice.org-langpack-sr_CS-1:2.3.0-6.11.el5_4.4
  • openoffice.org-langpack-ss_ZA-1:2.3.0-6.11.el5_4.4
  • openoffice.org-langpack-st_ZA-1:2.3.0-6.11.el5_4.4
  • openoffice.org-langpack-sv-1:2.3.0-6.11.el5_4.4
  • openoffice.org-langpack-ta_IN-1:2.3.0-6.11.el5_4.4
  • openoffice.org-langpack-te_IN-1:2.3.0-6.11.el5_4.4
  • openoffice.org-langpack-th_TH-1:2.3.0-6.11.el5_4.4
  • openoffice.org-langpack-tn_ZA-1:2.3.0-6.11.el5_4.4
  • openoffice.org-langpack-tr_TR-1:2.3.0-6.11.el5_4.4
  • openoffice.org-langpack-ts_ZA-1:2.3.0-6.11.el5_4.4
  • openoffice.org-langpack-ur-1:2.3.0-6.11.el5_4.4
  • openoffice.org-langpack-ve_ZA-1:2.3.0-6.11.el5_4.4
  • openoffice.org-langpack-xh_ZA-1:2.3.0-6.11.el5_4.4
  • openoffice.org-langpack-zh_CN-1:2.3.0-6.11.el5_4.4
  • openoffice.org-langpack-zh_TW-1:2.3.0-6.11.el5_4.4
  • openoffice.org-langpack-zu_ZA-1:2.3.0-6.11.el5_4.4
  • openoffice.org-math-1:2.3.0-6.11.el5_4.4
  • openoffice.org-pyuno-1:2.3.0-6.11.el5_4.4
  • openoffice.org-sdk-1:2.3.0-6.11.el5_4.4
  • openoffice.org-sdk-doc-1:2.3.0-6.11.el5_4.4
  • openoffice.org-testtools-1:2.3.0-6.11.el5_4.4
  • openoffice.org-writer-1:2.3.0-6.11.el5_4.4
  • openoffice.org-xsltfilter-1:2.3.0-6.11.el5_4.4
refmap via4
bid 38218
cert TA10-287A
confirm
debian DSA-1995
gentoo GLSA-201408-19
mandriva MDVSA-2010:221
sectrack 1023591
secunia
  • 38567
  • 38568
  • 38695
  • 38921
  • 41818
  • 60799
suse SUSE-SA:2010:017
ubuntu USN-903-1
vupen
  • ADV-2010-0366
  • ADV-2010-0635
  • ADV-2010-2905
xf openoffice-gif-bo(56238)
Last major update 13-11-2014 - 21:59
Published 16-02-2010 - 14:30
Last modified 18-09-2017 - 21:29
Back to Top