CVE-2009-2949

2010-02-1619:30:00

CWE-190

[email protected]

web.nvd.nist.gov

cve-2009-2949

integer overflow

xpmreader

readxpm

openoffice.org

remote code execution

crafted file

nvd

7.5 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.134 Low

EPSS

Percentile

95.6%

JSON

Integer overflow in the XPMReader::ReadXPM function in filter.vcl/ixpm/svt_xpmread.cxx in OpenOffice.org (OOo) before 3.2 allows remote attackers to execute arbitrary code via a crafted XPM file that triggers a heap-based buffer overflow.

CPENameOperatorVersion
apache:openofficeapache openofficelt3.2.0
debian:debian_linuxdebian debian linuxeq5.0
debian:debian_linuxdebian debian linuxeq4.0
canonical:ubuntu_linuxcanonical ubuntu linuxeq9.04
canonical:ubuntu_linuxcanonical ubuntu linuxeq8.10
canonical:ubuntu_linuxcanonical ubuntu linuxeq9.10
canonical:ubuntu_linuxcanonical ubuntu linuxeq8.04

CPE	Name	Operator	Version
apache:openoffice	apache openoffice	lt	3.2.0
debian:debian_linux	debian debian linux	eq	5.0
debian:debian_linux	debian debian linux	eq	4.0
canonical:ubuntu_linux	canonical ubuntu linux	eq	9.04
canonical:ubuntu_linux	canonical ubuntu linux	eq	8.10
canonical:ubuntu_linux	canonical ubuntu linux	eq	9.10
canonical:ubuntu_linux	canonical ubuntu linux	eq	8.04