Buffer overflow in Sun Openoffice.org

CVE-2009-2139

Heap-based buffer overflow in svtools/source/filter.vcl/wmf/enhwmf.cxx in Go-oo 2.x and 3.x before 3.0.1, previously named ooo-build and related to OpenOffice.org (OOo), allows remote attackers to execute arbitrary code via a crafted EMF f…

Vulnerability class: Buffer Overflow

EPSS: 0.065 (92.9th percentile) — read the EPSS interpretation.

Affected products

Sun Openoffice.org — versions 2.0.0, 2.0.3, 2.0.4
N/a — versions n/a

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

References

cve@mitre.org (vendor-advisory, x_refsource_MANDRIVA)
cve@mitre.org (vendor-advisory, x_refsource_MANDRIVA)
cve@mitre.org (x_refsource_CONFIRM)
cve@mitre.org (vendor-advisory, x_refsource_MANDRIVA)
cve@mitre.org (vendor-advisory, x_refsource_SUSE)
cve@mitre.org (vendor-advisory, Patch, x_refsource_DEBIAN)
cve@mitre.org (mailing-list, x_refsource_MLIST)
cve@mitre.org (mailing-list, x_refsource_MLIST)
cve@mitre.org (mailing-list, x_refsource_MLIST)
cve@mitre.org (mailing-list, x_refsource_MLIST)