Integer overflow in Apache Openoffice

CVE-2009-2949

Integer overflow in the XPMReader::ReadXPM function in filter.vcl/ixpm/svt_xpmread.cxx in OpenOffice.org (OOo) before 3.2 allows remote attackers to execute arbitrary code via a crafted XPM file that triggers a heap-based buffer overflow.

Vulnerability class: Integer Overflow

EPSS: 0.558 (98.1th percentile) — read the EPSS interpretation.

Affected products

Apache Openoffice
Canonical Ubuntu_linux — versions 8.10, 9.04, 9.10
Debian Debian_linux — versions 4.0, 5.0
N/a — versions n/a

Weakness classification (CWE)

CWE-190 — Integer Overflow or Wraparound

References

SUSE-SA:2010:017 (vendor-advisory, Third Party Advisory, x_refsource_SUSE)
38567 (x_refsource_SECUNIA, Broken Link, third-party-advisory)
38568 (x_refsource_SECUNIA, Broken Link, third-party-advisory)
38695 (x_refsource_SECUNIA, Broken Link, third-party-advisory)
38921 (x_refsource_SECUNIA, Broken Link, third-party-advisory)
41818 (x_refsource_SECUNIA, Broken Link, third-party-advisory)
60799 (x_refsource_SECUNIA, Broken Link, third-party-advisory)
1023591 (VDB Entry, Third Party Advisory, vdb-entry, x_refsource_SECTRACK, Broken Link)
DSA-1995 (vendor-advisory, Third Party Advisory, x_refsource_DEBIAN)
GLSA-201408-19 (vendor-advisory, Third Party Advisory, x_refsource_GENTOO)