9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.129 Low
EPSS
Percentile
95.5%
Multiple heap-based buffer overflows in
cppcanvas/source/mtfrenderer/emfplus.cxx in Go-oo 2.x and 3.x before 3.0.1,
previously named ooo-build and related to OpenOffice.org (OOo), allow
remote attackers to execute arbitrary code via a crafted EMF+ file, a
similar issue to CVE-2008-2238.
Author | Note |
---|---|
jdstrand | Patch is patches/emf+/emfΒ±cppcanvas-input-validation.diff, but emfplus.cxx is not included or compiled in Ubuntu 8.10 or 8.04. Debian includes the patch in 2.4.1+dfsg-1+lenny3, but does not apply it anywhere. |