CVE-2009-2140

Multiple heap-based buffer overflows in cppcanvas/source/mtfrenderer/emfplus.cxx in Go-oo 2.x and 3.x before 3.0.1, previously named ooo-build and related to OpenOffice.org (OOo), allow remote attackers to execute arbitrary code via a crafted EMF+ file, a similar issue to CVE-2008-2238.

CVSS v2.0 9.3 HIGH

9.3^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://cgit.freedesktop.org/ooo-build/ooo-build/commit/?id=49b4e38571912a7d28c4044e5b2bd57e51c77d55	Patch
http://marc.info/?l=oss-security&m=125258116800739&w=2
http://marc.info/?l=oss-security&m=125265261125765&w=2
http://marc.info/?l=oss-security&m=125363445702917&w=2
http://www.mandriva.com/security/advisories?name=MDVSA-2010:035
http://www.mandriva.com/security/advisories?name=MDVSA-2010:091
http://www.mandriva.com/security/advisories?name=MDVSA-2010:105
http://cgit.freedesktop.org/ooo-build/ooo-build/commit/?id=49b4e38571912a7d28c4044e5b2bd57e51c77d55	Patch
http://marc.info/?l=oss-security&m=125258116800739&w=2
http://marc.info/?l=oss-security&m=125265261125765&w=2
http://marc.info/?l=oss-security&m=125363445702917&w=2
http://www.mandriva.com/security/advisories?name=MDVSA-2010:035
http://www.mandriva.com/security/advisories?name=MDVSA-2010:091
http://www.mandriva.com/security/advisories?name=MDVSA-2010:105

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:go-oo:go-oo:2.3.0:::::::*
	cpe:2.3:a:go-oo:go-oo:2.4.0:::::::*
	cpe:2.3:a:go-oo:go-oo:2.4.1:::::::*
	cpe:2.3:a:go-oo:go-oo:3.0:::::::*

History

21 Nov 2024, 01:04

Type	Values Removed	Values Added
References	~~() http://cgit.freedesktop.org/ooo-build/ooo-build/commit/?id=49b4e38571912a7d28c4044e5b2bd57e51c77d55 - Patch~~	() http://cgit.freedesktop.org/ooo-build/ooo-build/commit/?id=49b4e38571912a7d28c4044e5b2bd57e51c77d55 - Patch
References	~~() http://marc.info/?l=oss-security&m=125258116800739&w=2 -~~	() http://marc.info/?l=oss-security&m=125258116800739&w=2 -
References	~~() http://marc.info/?l=oss-security&m=125265261125765&w=2 -~~	() http://marc.info/?l=oss-security&m=125265261125765&w=2 -
References	~~() http://marc.info/?l=oss-security&m=125363445702917&w=2 -~~	() http://marc.info/?l=oss-security&m=125363445702917&w=2 -
References	~~() http://www.mandriva.com/security/advisories?name=MDVSA-2010:035 -~~	() http://www.mandriva.com/security/advisories?name=MDVSA-2010:035 -
References	~~() http://www.mandriva.com/security/advisories?name=MDVSA-2010:091 -~~	() http://www.mandriva.com/security/advisories?name=MDVSA-2010:091 -
References	~~() http://www.mandriva.com/security/advisories?name=MDVSA-2010:105 -~~	() http://www.mandriva.com/security/advisories?name=MDVSA-2010:105 -

Information

Published : 2009-09-21 19:30

Updated : 2024-11-21 01:04

NVD link : CVE-2009-2140

Mitre link : CVE-2009-2140

CVE.ORG link : CVE-2009-2140

JSON object : View

Products Affected

go-oo

go-oo

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

9.3 /10