ID CVE-2009-2949
Summary Integer overflow in the XPMReader::ReadXPM function in filter.vcl/ixpm/svt_xpmread.cxx in OpenOffice.org (OOo) before 3.2 allows remote attackers to execute arbitrary code via a crafted XPM file that triggers a heap-based buffer overflow.
References
Vulnerable Configurations
  • cpe:2.3:a:sun:openoffice.org:1.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:sun:openoffice.org:1.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:openoffice.org:2.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:sun:openoffice.org:2.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:openoffice.org:2.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:sun:openoffice.org:2.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:openoffice.org:2.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:sun:openoffice.org:2.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:openoffice.org:2.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:sun:openoffice.org:2.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:openoffice.org:2.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:sun:openoffice.org:2.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:openoffice.org:2.3.0:*:*:*:*:*:*:*
    cpe:2.3:a:sun:openoffice.org:2.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:openoffice.org:2.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:sun:openoffice.org:2.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:openoffice.org:2.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:sun:openoffice.org:2.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:openoffice.org:2.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:sun:openoffice.org:2.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:openoffice.org:2.4.2:*:*:*:*:*:*:*
    cpe:2.3:a:sun:openoffice.org:2.4.2:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:openoffice.org:2.4.3:*:*:*:*:*:*:*
    cpe:2.3:a:sun:openoffice.org:2.4.3:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:openoffice.org:3.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:sun:openoffice.org:3.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:openoffice.org:3.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:sun:openoffice.org:3.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:openoffice.org:3.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:sun:openoffice.org:3.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:openoffice.org:3.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:sun:openoffice.org:3.1.1:*:*:*:*:*:*:*
CVSS
Base: 9.3 (as of 19-09-2017 - 01:29)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:M/Au:N/C:C/I:C/A:C
oval via4
accepted 2013-04-29T04:02:42.148-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 3
    oval oval:org.mitre.oval:def:11782
  • comment CentOS Linux 3.x
    oval oval:org.mitre.oval:def:16651
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
  • comment CentOS Linux 4.x
    oval oval:org.mitre.oval:def:16636
  • comment Oracle Linux 4.x
    oval oval:org.mitre.oval:def:15990
  • comment The operating system installed on the system is Red Hat Enterprise Linux 5
    oval oval:org.mitre.oval:def:11414
  • comment The operating system installed on the system is CentOS Linux 5.x
    oval oval:org.mitre.oval:def:15802
  • comment Oracle Linux 5.x
    oval oval:org.mitre.oval:def:15459
description Integer overflow in the XPMReader::ReadXPM function in filter.vcl/ixpm/svt_xpmread.cxx in OpenOffice.org (OOo) before 3.2 allows remote attackers to execute arbitrary code via a crafted XPM file that triggers a heap-based buffer overflow.
family unix
id oval:org.mitre.oval:def:10176
status accepted
submitted 2010-07-09T03:56:16-04:00
title Integer overflow in the XPMReader::ReadXPM function in filter.vcl/ixpm/svt_xpmread.cxx in OpenOffice.org (OOo) before 3.2 allows remote attackers to execute arbitrary code via a crafted XPM file that triggers a heap-based buffer overflow.
version 24
redhat via4
advisories
rhsa
id RHSA-2010:0101
rpms
  • openoffice.org-0:1.1.2-46.2.0.EL3
  • openoffice.org-i18n-0:1.1.2-46.2.0.EL3
  • openoffice.org-libs-0:1.1.2-46.2.0.EL3
  • openoffice.org-0:1.1.5-10.6.0.7.EL4.3
  • openoffice.org-i18n-0:1.1.5-10.6.0.7.EL4.3
  • openoffice.org-kde-0:1.1.5-10.6.0.7.EL4.3
  • openoffice.org-libs-0:1.1.5-10.6.0.7.EL4.3
  • openoffice.org2-base-1:2.0.4-5.7.0.6.1.el4_8.3
  • openoffice.org2-calc-1:2.0.4-5.7.0.6.1.el4_8.3
  • openoffice.org2-core-1:2.0.4-5.7.0.6.1.el4_8.3
  • openoffice.org2-draw-1:2.0.4-5.7.0.6.1.el4_8.3
  • openoffice.org2-emailmerge-1:2.0.4-5.7.0.6.1.el4_8.3
  • openoffice.org2-graphicfilter-1:2.0.4-5.7.0.6.1.el4_8.3
  • openoffice.org2-impress-1:2.0.4-5.7.0.6.1.el4_8.3
  • openoffice.org2-javafilter-1:2.0.4-5.7.0.6.1.el4_8.3
  • openoffice.org2-langpack-af_ZA-1:2.0.4-5.7.0.6.1.el4_8.3
  • openoffice.org2-langpack-ar-1:2.0.4-5.7.0.6.1.el4_8.3
  • openoffice.org2-langpack-bg_BG-1:2.0.4-5.7.0.6.1.el4_8.3
  • openoffice.org2-langpack-bn-1:2.0.4-5.7.0.6.1.el4_8.3
  • openoffice.org2-langpack-ca_ES-1:2.0.4-5.7.0.6.1.el4_8.3
  • openoffice.org2-langpack-cs_CZ-1:2.0.4-5.7.0.6.1.el4_8.3
  • openoffice.org2-langpack-cy_GB-1:2.0.4-5.7.0.6.1.el4_8.3
  • openoffice.org2-langpack-da_DK-1:2.0.4-5.7.0.6.1.el4_8.3
  • openoffice.org2-langpack-de-1:2.0.4-5.7.0.6.1.el4_8.3
  • openoffice.org2-langpack-el_GR-1:2.0.4-5.7.0.6.1.el4_8.3
  • openoffice.org2-langpack-es-1:2.0.4-5.7.0.6.1.el4_8.3
  • openoffice.org2-langpack-et_EE-1:2.0.4-5.7.0.6.1.el4_8.3
  • openoffice.org2-langpack-eu_ES-1:2.0.4-5.7.0.6.1.el4_8.3
  • openoffice.org2-langpack-fi_FI-1:2.0.4-5.7.0.6.1.el4_8.3
  • openoffice.org2-langpack-fr-1:2.0.4-5.7.0.6.1.el4_8.3
  • openoffice.org2-langpack-ga_IE-1:2.0.4-5.7.0.6.1.el4_8.3
  • openoffice.org2-langpack-gl_ES-1:2.0.4-5.7.0.6.1.el4_8.3
  • openoffice.org2-langpack-gu_IN-1:2.0.4-5.7.0.6.1.el4_8.3
  • openoffice.org2-langpack-he_IL-1:2.0.4-5.7.0.6.1.el4_8.3
  • openoffice.org2-langpack-hi_IN-1:2.0.4-5.7.0.6.1.el4_8.3
  • openoffice.org2-langpack-hr_HR-1:2.0.4-5.7.0.6.1.el4_8.3
  • openoffice.org2-langpack-hu_HU-1:2.0.4-5.7.0.6.1.el4_8.3
  • openoffice.org2-langpack-it-1:2.0.4-5.7.0.6.1.el4_8.3
  • openoffice.org2-langpack-ja_JP-1:2.0.4-5.7.0.6.1.el4_8.3
  • openoffice.org2-langpack-ko_KR-1:2.0.4-5.7.0.6.1.el4_8.3
  • openoffice.org2-langpack-lt_LT-1:2.0.4-5.7.0.6.1.el4_8.3
  • openoffice.org2-langpack-ms_MY-1:2.0.4-5.7.0.6.1.el4_8.3
  • openoffice.org2-langpack-nb_NO-1:2.0.4-5.7.0.6.1.el4_8.3
  • openoffice.org2-langpack-nl-1:2.0.4-5.7.0.6.1.el4_8.3
  • openoffice.org2-langpack-nn_NO-1:2.0.4-5.7.0.6.1.el4_8.3
  • openoffice.org2-langpack-pa_IN-1:2.0.4-5.7.0.6.1.el4_8.3
  • openoffice.org2-langpack-pl_PL-1:2.0.4-5.7.0.6.1.el4_8.3
  • openoffice.org2-langpack-pt_BR-1:2.0.4-5.7.0.6.1.el4_8.3
  • openoffice.org2-langpack-pt_PT-1:2.0.4-5.7.0.6.1.el4_8.3
  • openoffice.org2-langpack-ru-1:2.0.4-5.7.0.6.1.el4_8.3
  • openoffice.org2-langpack-sk_SK-1:2.0.4-5.7.0.6.1.el4_8.3
  • openoffice.org2-langpack-sl_SI-1:2.0.4-5.7.0.6.1.el4_8.3
  • openoffice.org2-langpack-sr_CS-1:2.0.4-5.7.0.6.1.el4_8.3
  • openoffice.org2-langpack-sv-1:2.0.4-5.7.0.6.1.el4_8.3
  • openoffice.org2-langpack-ta_IN-1:2.0.4-5.7.0.6.1.el4_8.3
  • openoffice.org2-langpack-th_TH-1:2.0.4-5.7.0.6.1.el4_8.3
  • openoffice.org2-langpack-tr_TR-1:2.0.4-5.7.0.6.1.el4_8.3
  • openoffice.org2-langpack-zh_CN-1:2.0.4-5.7.0.6.1.el4_8.3
  • openoffice.org2-langpack-zh_TW-1:2.0.4-5.7.0.6.1.el4_8.3
  • openoffice.org2-langpack-zu_ZA-1:2.0.4-5.7.0.6.1.el4_8.3
  • openoffice.org2-math-1:2.0.4-5.7.0.6.1.el4_8.3
  • openoffice.org2-pyuno-1:2.0.4-5.7.0.6.1.el4_8.3
  • openoffice.org2-testtools-1:2.0.4-5.7.0.6.1.el4_8.3
  • openoffice.org2-writer-1:2.0.4-5.7.0.6.1.el4_8.3
  • openoffice.org2-xsltfilter-1:2.0.4-5.7.0.6.1.el4_8.3
  • openoffice.org-base-1:2.3.0-6.11.el5_4.4
  • openoffice.org-calc-1:2.3.0-6.11.el5_4.4
  • openoffice.org-core-1:2.3.0-6.11.el5_4.4
  • openoffice.org-draw-1:2.3.0-6.11.el5_4.4
  • openoffice.org-emailmerge-1:2.3.0-6.11.el5_4.4
  • openoffice.org-graphicfilter-1:2.3.0-6.11.el5_4.4
  • openoffice.org-headless-1:2.3.0-6.11.el5_4.4
  • openoffice.org-impress-1:2.3.0-6.11.el5_4.4
  • openoffice.org-javafilter-1:2.3.0-6.11.el5_4.4
  • openoffice.org-langpack-af_ZA-1:2.3.0-6.11.el5_4.4
  • openoffice.org-langpack-ar-1:2.3.0-6.11.el5_4.4
  • openoffice.org-langpack-as_IN-1:2.3.0-6.11.el5_4.4
  • openoffice.org-langpack-bg_BG-1:2.3.0-6.11.el5_4.4
  • openoffice.org-langpack-bn-1:2.3.0-6.11.el5_4.4
  • openoffice.org-langpack-ca_ES-1:2.3.0-6.11.el5_4.4
  • openoffice.org-langpack-cs_CZ-1:2.3.0-6.11.el5_4.4
  • openoffice.org-langpack-cy_GB-1:2.3.0-6.11.el5_4.4
  • openoffice.org-langpack-da_DK-1:2.3.0-6.11.el5_4.4
  • openoffice.org-langpack-de-1:2.3.0-6.11.el5_4.4
  • openoffice.org-langpack-el_GR-1:2.3.0-6.11.el5_4.4
  • openoffice.org-langpack-es-1:2.3.0-6.11.el5_4.4
  • openoffice.org-langpack-et_EE-1:2.3.0-6.11.el5_4.4
  • openoffice.org-langpack-eu_ES-1:2.3.0-6.11.el5_4.4
  • openoffice.org-langpack-fi_FI-1:2.3.0-6.11.el5_4.4
  • openoffice.org-langpack-fr-1:2.3.0-6.11.el5_4.4
  • openoffice.org-langpack-ga_IE-1:2.3.0-6.11.el5_4.4
  • openoffice.org-langpack-gl_ES-1:2.3.0-6.11.el5_4.4
  • openoffice.org-langpack-gu_IN-1:2.3.0-6.11.el5_4.4
  • openoffice.org-langpack-he_IL-1:2.3.0-6.11.el5_4.4
  • openoffice.org-langpack-hi_IN-1:2.3.0-6.11.el5_4.4
  • openoffice.org-langpack-hr_HR-1:2.3.0-6.11.el5_4.4
  • openoffice.org-langpack-hu_HU-1:2.3.0-6.11.el5_4.4
  • openoffice.org-langpack-it-1:2.3.0-6.11.el5_4.4
  • openoffice.org-langpack-ja_JP-1:2.3.0-6.11.el5_4.4
  • openoffice.org-langpack-kn_IN-1:2.3.0-6.11.el5_4.4
  • openoffice.org-langpack-ko_KR-1:2.3.0-6.11.el5_4.4
  • openoffice.org-langpack-lt_LT-1:2.3.0-6.11.el5_4.4
  • openoffice.org-langpack-ml_IN-1:2.3.0-6.11.el5_4.4
  • openoffice.org-langpack-mr_IN-1:2.3.0-6.11.el5_4.4
  • openoffice.org-langpack-ms_MY-1:2.3.0-6.11.el5_4.4
  • openoffice.org-langpack-nb_NO-1:2.3.0-6.11.el5_4.4
  • openoffice.org-langpack-nl-1:2.3.0-6.11.el5_4.4
  • openoffice.org-langpack-nn_NO-1:2.3.0-6.11.el5_4.4
  • openoffice.org-langpack-nr_ZA-1:2.3.0-6.11.el5_4.4
  • openoffice.org-langpack-nso_ZA-1:2.3.0-6.11.el5_4.4
  • openoffice.org-langpack-or_IN-1:2.3.0-6.11.el5_4.4
  • openoffice.org-langpack-pa_IN-1:2.3.0-6.11.el5_4.4
  • openoffice.org-langpack-pl_PL-1:2.3.0-6.11.el5_4.4
  • openoffice.org-langpack-pt_BR-1:2.3.0-6.11.el5_4.4
  • openoffice.org-langpack-pt_PT-1:2.3.0-6.11.el5_4.4
  • openoffice.org-langpack-ru-1:2.3.0-6.11.el5_4.4
  • openoffice.org-langpack-sk_SK-1:2.3.0-6.11.el5_4.4
  • openoffice.org-langpack-sl_SI-1:2.3.0-6.11.el5_4.4
  • openoffice.org-langpack-sr_CS-1:2.3.0-6.11.el5_4.4
  • openoffice.org-langpack-ss_ZA-1:2.3.0-6.11.el5_4.4
  • openoffice.org-langpack-st_ZA-1:2.3.0-6.11.el5_4.4
  • openoffice.org-langpack-sv-1:2.3.0-6.11.el5_4.4
  • openoffice.org-langpack-ta_IN-1:2.3.0-6.11.el5_4.4
  • openoffice.org-langpack-te_IN-1:2.3.0-6.11.el5_4.4
  • openoffice.org-langpack-th_TH-1:2.3.0-6.11.el5_4.4
  • openoffice.org-langpack-tn_ZA-1:2.3.0-6.11.el5_4.4
  • openoffice.org-langpack-tr_TR-1:2.3.0-6.11.el5_4.4
  • openoffice.org-langpack-ts_ZA-1:2.3.0-6.11.el5_4.4
  • openoffice.org-langpack-ur-1:2.3.0-6.11.el5_4.4
  • openoffice.org-langpack-ve_ZA-1:2.3.0-6.11.el5_4.4
  • openoffice.org-langpack-xh_ZA-1:2.3.0-6.11.el5_4.4
  • openoffice.org-langpack-zh_CN-1:2.3.0-6.11.el5_4.4
  • openoffice.org-langpack-zh_TW-1:2.3.0-6.11.el5_4.4
  • openoffice.org-langpack-zu_ZA-1:2.3.0-6.11.el5_4.4
  • openoffice.org-math-1:2.3.0-6.11.el5_4.4
  • openoffice.org-pyuno-1:2.3.0-6.11.el5_4.4
  • openoffice.org-sdk-1:2.3.0-6.11.el5_4.4
  • openoffice.org-sdk-doc-1:2.3.0-6.11.el5_4.4
  • openoffice.org-testtools-1:2.3.0-6.11.el5_4.4
  • openoffice.org-writer-1:2.3.0-6.11.el5_4.4
  • openoffice.org-xsltfilter-1:2.3.0-6.11.el5_4.4
refmap via4
bid 38218
cert TA10-287A
confirm
debian DSA-1995
gentoo GLSA-201408-19
mandriva MDVSA-2010:221
sectrack 1023591
secunia
  • 38567
  • 38568
  • 38695
  • 38921
  • 41818
  • 60799
suse SUSE-SA:2010:017
ubuntu USN-903-1
vupen
  • ADV-2010-0366
  • ADV-2010-0635
  • ADV-2010-2905
xf openoffice-xpm-bo(56236)
Last major update 19-09-2017 - 01:29
Published 16-02-2010 - 19:30
Back to Top