ID CVE-2009-2949
Summary Integer overflow in the XPMReader::ReadXPM function in filter.vcl/ixpm/svt_xpmread.cxx in OpenOffice.org (OOo) before 3.2 allows remote attackers to execute arbitrary code via a crafted XPM file that triggers a heap-based buffer overflow.
References
Vulnerable Configurations
  • cpe:2.3:a:apache:openoffice:-:*:*:*:*:*:*:*
    cpe:2.3:a:apache:openoffice:-:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:openoffice:1.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:apache:openoffice:1.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:openoffice:1.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:apache:openoffice:1.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:openoffice:1.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:openoffice:1.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:openoffice:1.1.4:patch1:*:*:*:*:*:*
    cpe:2.3:a:apache:openoffice:1.1.4:patch1:*:*:*:*:*:*
  • cpe:2.3:a:apache:openoffice:1.1.5:*:*:*:*:*:*:*
    cpe:2.3:a:apache:openoffice:1.1.5:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:openoffice:1.1.5:patch1:*:*:*:*:*:*
    cpe:2.3:a:apache:openoffice:1.1.5:patch1:*:*:*:*:*:*
  • cpe:2.3:a:apache:openoffice:1.1.5:patch2:*:*:*:*:*:*
    cpe:2.3:a:apache:openoffice:1.1.5:patch2:*:*:*:*:*:*
  • cpe:2.3:a:apache:openoffice:2.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:openoffice:2.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:openoffice:2.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:apache:openoffice:2.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:openoffice:2.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:apache:openoffice:2.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:openoffice:2.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:apache:openoffice:2.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:openoffice:2.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:apache:openoffice:2.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:openoffice:2.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:openoffice:2.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:openoffice:2.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:openoffice:2.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:openoffice:2.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:apache:openoffice:2.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:openoffice:2.3.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:openoffice:2.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:openoffice:2.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:apache:openoffice:2.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:openoffice:2.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:openoffice:2.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:openoffice:2.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:apache:openoffice:2.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:openoffice:2.4.2:*:*:*:*:*:*:*
    cpe:2.3:a:apache:openoffice:2.4.2:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:openoffice:2.4.3:*:*:*:*:*:*:*
    cpe:2.3:a:apache:openoffice:2.4.3:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:openoffice:3.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:openoffice:3.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:openoffice:3.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:apache:openoffice:3.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:openoffice:3.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:openoffice:3.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:openoffice:3.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:apache:openoffice:3.1.1:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*
CVSS
Base: 9.3 (as of 07-02-2022 - 16:57)
Impact:
Exploitability:
CWE CWE-190
CAPEC
  • Forced Integer Overflow
    This attack forces an integer variable to go out of range. The integer variable is often used as an offset such as size of memory allocation or similarly. The attacker would typically control the value of such variable and try to get it out of range. For instance the integer in question is incremented past the maximum possible value, it may wrap to become a very small, or negative number, therefore providing a very incorrect value which can lead to unexpected behavior. At worst the attacker can execute arbitrary code.
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:M/Au:N/C:C/I:C/A:C
oval via4
accepted 2013-04-29T04:02:42.148-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 3
    oval oval:org.mitre.oval:def:11782
  • comment CentOS Linux 3.x
    oval oval:org.mitre.oval:def:16651
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
  • comment CentOS Linux 4.x
    oval oval:org.mitre.oval:def:16636
  • comment Oracle Linux 4.x
    oval oval:org.mitre.oval:def:15990
  • comment The operating system installed on the system is Red Hat Enterprise Linux 5
    oval oval:org.mitre.oval:def:11414
  • comment The operating system installed on the system is CentOS Linux 5.x
    oval oval:org.mitre.oval:def:15802
  • comment Oracle Linux 5.x
    oval oval:org.mitre.oval:def:15459
description Integer overflow in the XPMReader::ReadXPM function in filter.vcl/ixpm/svt_xpmread.cxx in OpenOffice.org (OOo) before 3.2 allows remote attackers to execute arbitrary code via a crafted XPM file that triggers a heap-based buffer overflow.
family unix
id oval:org.mitre.oval:def:10176
status accepted
submitted 2010-07-09T03:56:16-04:00
title Integer overflow in the XPMReader::ReadXPM function in filter.vcl/ixpm/svt_xpmread.cxx in OpenOffice.org (OOo) before 3.2 allows remote attackers to execute arbitrary code via a crafted XPM file that triggers a heap-based buffer overflow.
version 30
redhat via4
advisories
rhsa
id RHSA-2010:0101
rpms
  • openoffice.org-0:1.1.2-46.2.0.EL3
  • openoffice.org-0:1.1.5-10.6.0.7.EL4.3
  • openoffice.org-base-1:2.3.0-6.11.el5_4.4
  • openoffice.org-calc-1:2.3.0-6.11.el5_4.4
  • openoffice.org-core-1:2.3.0-6.11.el5_4.4
  • openoffice.org-debuginfo-0:1.1.2-46.2.0.EL3
  • openoffice.org-debuginfo-0:1.1.5-10.6.0.7.EL4.3
  • openoffice.org-debuginfo-1:2.3.0-6.11.el5_4.4
  • openoffice.org-draw-1:2.3.0-6.11.el5_4.4
  • openoffice.org-emailmerge-1:2.3.0-6.11.el5_4.4
  • openoffice.org-graphicfilter-1:2.3.0-6.11.el5_4.4
  • openoffice.org-headless-1:2.3.0-6.11.el5_4.4
  • openoffice.org-i18n-0:1.1.2-46.2.0.EL3
  • openoffice.org-i18n-0:1.1.5-10.6.0.7.EL4.3
  • openoffice.org-impress-1:2.3.0-6.11.el5_4.4
  • openoffice.org-javafilter-1:2.3.0-6.11.el5_4.4
  • openoffice.org-kde-0:1.1.5-10.6.0.7.EL4.3
  • openoffice.org-langpack-af_ZA-1:2.3.0-6.11.el5_4.4
  • openoffice.org-langpack-ar-1:2.3.0-6.11.el5_4.4
  • openoffice.org-langpack-as_IN-1:2.3.0-6.11.el5_4.4
  • openoffice.org-langpack-bg_BG-1:2.3.0-6.11.el5_4.4
  • openoffice.org-langpack-bn-1:2.3.0-6.11.el5_4.4
  • openoffice.org-langpack-ca_ES-1:2.3.0-6.11.el5_4.4
  • openoffice.org-langpack-cs_CZ-1:2.3.0-6.11.el5_4.4
  • openoffice.org-langpack-cy_GB-1:2.3.0-6.11.el5_4.4
  • openoffice.org-langpack-da_DK-1:2.3.0-6.11.el5_4.4
  • openoffice.org-langpack-de-1:2.3.0-6.11.el5_4.4
  • openoffice.org-langpack-el_GR-1:2.3.0-6.11.el5_4.4
  • openoffice.org-langpack-es-1:2.3.0-6.11.el5_4.4
  • openoffice.org-langpack-et_EE-1:2.3.0-6.11.el5_4.4
  • openoffice.org-langpack-eu_ES-1:2.3.0-6.11.el5_4.4
  • openoffice.org-langpack-fi_FI-1:2.3.0-6.11.el5_4.4
  • openoffice.org-langpack-fr-1:2.3.0-6.11.el5_4.4
  • openoffice.org-langpack-ga_IE-1:2.3.0-6.11.el5_4.4
  • openoffice.org-langpack-gl_ES-1:2.3.0-6.11.el5_4.4
  • openoffice.org-langpack-gu_IN-1:2.3.0-6.11.el5_4.4
  • openoffice.org-langpack-he_IL-1:2.3.0-6.11.el5_4.4
  • openoffice.org-langpack-hi_IN-1:2.3.0-6.11.el5_4.4
  • openoffice.org-langpack-hr_HR-1:2.3.0-6.11.el5_4.4
  • openoffice.org-langpack-hu_HU-1:2.3.0-6.11.el5_4.4
  • openoffice.org-langpack-it-1:2.3.0-6.11.el5_4.4
  • openoffice.org-langpack-ja_JP-1:2.3.0-6.11.el5_4.4
  • openoffice.org-langpack-kn_IN-1:2.3.0-6.11.el5_4.4
  • openoffice.org-langpack-ko_KR-1:2.3.0-6.11.el5_4.4
  • openoffice.org-langpack-lt_LT-1:2.3.0-6.11.el5_4.4
  • openoffice.org-langpack-ml_IN-1:2.3.0-6.11.el5_4.4
  • openoffice.org-langpack-mr_IN-1:2.3.0-6.11.el5_4.4
  • openoffice.org-langpack-ms_MY-1:2.3.0-6.11.el5_4.4
  • openoffice.org-langpack-nb_NO-1:2.3.0-6.11.el5_4.4
  • openoffice.org-langpack-nl-1:2.3.0-6.11.el5_4.4
  • openoffice.org-langpack-nn_NO-1:2.3.0-6.11.el5_4.4
  • openoffice.org-langpack-nr_ZA-1:2.3.0-6.11.el5_4.4
  • openoffice.org-langpack-nso_ZA-1:2.3.0-6.11.el5_4.4
  • openoffice.org-langpack-or_IN-1:2.3.0-6.11.el5_4.4
  • openoffice.org-langpack-pa_IN-1:2.3.0-6.11.el5_4.4
  • openoffice.org-langpack-pl_PL-1:2.3.0-6.11.el5_4.4
  • openoffice.org-langpack-pt_BR-1:2.3.0-6.11.el5_4.4
  • openoffice.org-langpack-pt_PT-1:2.3.0-6.11.el5_4.4
  • openoffice.org-langpack-ru-1:2.3.0-6.11.el5_4.4
  • openoffice.org-langpack-sk_SK-1:2.3.0-6.11.el5_4.4
  • openoffice.org-langpack-sl_SI-1:2.3.0-6.11.el5_4.4
  • openoffice.org-langpack-sr_CS-1:2.3.0-6.11.el5_4.4
  • openoffice.org-langpack-ss_ZA-1:2.3.0-6.11.el5_4.4
  • openoffice.org-langpack-st_ZA-1:2.3.0-6.11.el5_4.4
  • openoffice.org-langpack-sv-1:2.3.0-6.11.el5_4.4
  • openoffice.org-langpack-ta_IN-1:2.3.0-6.11.el5_4.4
  • openoffice.org-langpack-te_IN-1:2.3.0-6.11.el5_4.4
  • openoffice.org-langpack-th_TH-1:2.3.0-6.11.el5_4.4
  • openoffice.org-langpack-tn_ZA-1:2.3.0-6.11.el5_4.4
  • openoffice.org-langpack-tr_TR-1:2.3.0-6.11.el5_4.4
  • openoffice.org-langpack-ts_ZA-1:2.3.0-6.11.el5_4.4
  • openoffice.org-langpack-ur-1:2.3.0-6.11.el5_4.4
  • openoffice.org-langpack-ve_ZA-1:2.3.0-6.11.el5_4.4
  • openoffice.org-langpack-xh_ZA-1:2.3.0-6.11.el5_4.4
  • openoffice.org-langpack-zh_CN-1:2.3.0-6.11.el5_4.4
  • openoffice.org-langpack-zh_TW-1:2.3.0-6.11.el5_4.4
  • openoffice.org-langpack-zu_ZA-1:2.3.0-6.11.el5_4.4
  • openoffice.org-libs-0:1.1.2-46.2.0.EL3
  • openoffice.org-libs-0:1.1.5-10.6.0.7.EL4.3
  • openoffice.org-math-1:2.3.0-6.11.el5_4.4
  • openoffice.org-pyuno-1:2.3.0-6.11.el5_4.4
  • openoffice.org-sdk-1:2.3.0-6.11.el5_4.4
  • openoffice.org-sdk-doc-1:2.3.0-6.11.el5_4.4
  • openoffice.org-testtools-1:2.3.0-6.11.el5_4.4
  • openoffice.org-writer-1:2.3.0-6.11.el5_4.4
  • openoffice.org-xsltfilter-1:2.3.0-6.11.el5_4.4
  • openoffice.org2-base-1:2.0.4-5.7.0.6.1.el4_8.3
  • openoffice.org2-calc-1:2.0.4-5.7.0.6.1.el4_8.3
  • openoffice.org2-core-1:2.0.4-5.7.0.6.1.el4_8.3
  • openoffice.org2-debuginfo-1:2.0.4-5.7.0.6.1.el4_8.3
  • openoffice.org2-draw-1:2.0.4-5.7.0.6.1.el4_8.3
  • openoffice.org2-emailmerge-1:2.0.4-5.7.0.6.1.el4_8.3
  • openoffice.org2-graphicfilter-1:2.0.4-5.7.0.6.1.el4_8.3
  • openoffice.org2-impress-1:2.0.4-5.7.0.6.1.el4_8.3
  • openoffice.org2-javafilter-1:2.0.4-5.7.0.6.1.el4_8.3
  • openoffice.org2-langpack-af_ZA-1:2.0.4-5.7.0.6.1.el4_8.3
  • openoffice.org2-langpack-ar-1:2.0.4-5.7.0.6.1.el4_8.3
  • openoffice.org2-langpack-bg_BG-1:2.0.4-5.7.0.6.1.el4_8.3
  • openoffice.org2-langpack-bn-1:2.0.4-5.7.0.6.1.el4_8.3
  • openoffice.org2-langpack-ca_ES-1:2.0.4-5.7.0.6.1.el4_8.3
  • openoffice.org2-langpack-cs_CZ-1:2.0.4-5.7.0.6.1.el4_8.3
  • openoffice.org2-langpack-cy_GB-1:2.0.4-5.7.0.6.1.el4_8.3
  • openoffice.org2-langpack-da_DK-1:2.0.4-5.7.0.6.1.el4_8.3
  • openoffice.org2-langpack-de-1:2.0.4-5.7.0.6.1.el4_8.3
  • openoffice.org2-langpack-el_GR-1:2.0.4-5.7.0.6.1.el4_8.3
  • openoffice.org2-langpack-es-1:2.0.4-5.7.0.6.1.el4_8.3
  • openoffice.org2-langpack-et_EE-1:2.0.4-5.7.0.6.1.el4_8.3
  • openoffice.org2-langpack-eu_ES-1:2.0.4-5.7.0.6.1.el4_8.3
  • openoffice.org2-langpack-fi_FI-1:2.0.4-5.7.0.6.1.el4_8.3
  • openoffice.org2-langpack-fr-1:2.0.4-5.7.0.6.1.el4_8.3
  • openoffice.org2-langpack-ga_IE-1:2.0.4-5.7.0.6.1.el4_8.3
  • openoffice.org2-langpack-gl_ES-1:2.0.4-5.7.0.6.1.el4_8.3
  • openoffice.org2-langpack-gu_IN-1:2.0.4-5.7.0.6.1.el4_8.3
  • openoffice.org2-langpack-he_IL-1:2.0.4-5.7.0.6.1.el4_8.3
  • openoffice.org2-langpack-hi_IN-1:2.0.4-5.7.0.6.1.el4_8.3
  • openoffice.org2-langpack-hr_HR-1:2.0.4-5.7.0.6.1.el4_8.3
  • openoffice.org2-langpack-hu_HU-1:2.0.4-5.7.0.6.1.el4_8.3
  • openoffice.org2-langpack-it-1:2.0.4-5.7.0.6.1.el4_8.3
  • openoffice.org2-langpack-ja_JP-1:2.0.4-5.7.0.6.1.el4_8.3
  • openoffice.org2-langpack-ko_KR-1:2.0.4-5.7.0.6.1.el4_8.3
  • openoffice.org2-langpack-lt_LT-1:2.0.4-5.7.0.6.1.el4_8.3
  • openoffice.org2-langpack-ms_MY-1:2.0.4-5.7.0.6.1.el4_8.3
  • openoffice.org2-langpack-nb_NO-1:2.0.4-5.7.0.6.1.el4_8.3
  • openoffice.org2-langpack-nl-1:2.0.4-5.7.0.6.1.el4_8.3
  • openoffice.org2-langpack-nn_NO-1:2.0.4-5.7.0.6.1.el4_8.3
  • openoffice.org2-langpack-pa_IN-1:2.0.4-5.7.0.6.1.el4_8.3
  • openoffice.org2-langpack-pl_PL-1:2.0.4-5.7.0.6.1.el4_8.3
  • openoffice.org2-langpack-pt_BR-1:2.0.4-5.7.0.6.1.el4_8.3
  • openoffice.org2-langpack-pt_PT-1:2.0.4-5.7.0.6.1.el4_8.3
  • openoffice.org2-langpack-ru-1:2.0.4-5.7.0.6.1.el4_8.3
  • openoffice.org2-langpack-sk_SK-1:2.0.4-5.7.0.6.1.el4_8.3
  • openoffice.org2-langpack-sl_SI-1:2.0.4-5.7.0.6.1.el4_8.3
  • openoffice.org2-langpack-sr_CS-1:2.0.4-5.7.0.6.1.el4_8.3
  • openoffice.org2-langpack-sv-1:2.0.4-5.7.0.6.1.el4_8.3
  • openoffice.org2-langpack-ta_IN-1:2.0.4-5.7.0.6.1.el4_8.3
  • openoffice.org2-langpack-th_TH-1:2.0.4-5.7.0.6.1.el4_8.3
  • openoffice.org2-langpack-tr_TR-1:2.0.4-5.7.0.6.1.el4_8.3
  • openoffice.org2-langpack-zh_CN-1:2.0.4-5.7.0.6.1.el4_8.3
  • openoffice.org2-langpack-zh_TW-1:2.0.4-5.7.0.6.1.el4_8.3
  • openoffice.org2-langpack-zu_ZA-1:2.0.4-5.7.0.6.1.el4_8.3
  • openoffice.org2-math-1:2.0.4-5.7.0.6.1.el4_8.3
  • openoffice.org2-pyuno-1:2.0.4-5.7.0.6.1.el4_8.3
  • openoffice.org2-testtools-1:2.0.4-5.7.0.6.1.el4_8.3
  • openoffice.org2-writer-1:2.0.4-5.7.0.6.1.el4_8.3
  • openoffice.org2-xsltfilter-1:2.0.4-5.7.0.6.1.el4_8.3
refmap via4
bid 38218
cert TA10-287A
confirm
debian DSA-1995
gentoo GLSA-201408-19
mandriva MDVSA-2010:221
sectrack 1023591
secunia
  • 38567
  • 38568
  • 38695
  • 38921
  • 41818
  • 60799
suse SUSE-SA:2010:017
ubuntu USN-903-1
vupen
  • ADV-2010-0366
  • ADV-2010-0635
  • ADV-2010-2905
xf openoffice-xpm-bo(56236)
Last major update 07-02-2022 - 16:57
Published 16-02-2010 - 19:30
Last modified 07-02-2022 - 16:57
Back to Top