CVE-2009-2950

2010-02-1619:30:00

CWE-787

[email protected]

web.nvd.nist.gov

cve-2009-2950

openoffice.org

buffer overflow

denial of service

arbitrary code execution

gif

lzw decompression

7.8 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.053 Low

EPSS

Percentile

93.0%

JSON

Heap-based buffer overflow in the GIFLZWDecompressor::GIFLZWDecompressor function in filter.vcl/lgif/decode.cxx in OpenOffice.org (OOo) before 3.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted GIF file, related to LZW decompression.

CPENameOperatorVersion
apache:openofficeapache openofficelt3.2.0
debian:debian_linuxdebian debian linuxeq5.0
debian:debian_linuxdebian debian linuxeq4.0
canonical:ubuntu_linuxcanonical ubuntu linuxeq9.04
canonical:ubuntu_linuxcanonical ubuntu linuxeq8.10
canonical:ubuntu_linuxcanonical ubuntu linuxeq9.10
canonical:ubuntu_linuxcanonical ubuntu linuxeq8.04

CPE	Name	Operator	Version
apache:openoffice	apache openoffice	lt	3.2.0
debian:debian_linux	debian debian linux	eq	5.0
debian:debian_linux	debian debian linux	eq	4.0
canonical:ubuntu_linux	canonical ubuntu linux	eq	9.04
canonical:ubuntu_linux	canonical ubuntu linux	eq	8.10
canonical:ubuntu_linux	canonical ubuntu linux	eq	9.10
canonical:ubuntu_linux	canonical ubuntu linux	eq	8.04