Lucene search
Ubuntu.comUB:CVE-2009-2140HistorySep 21, 2009 - 12:00 a.m.
CVE-2009-2140
2009-09-2100:00:00
ubuntu.com
ubuntu.com
12
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.129 Low
EPSS
Percentile
95.5%
Multiple heap-based buffer overflows in
cppcanvas/source/mtfrenderer/emfplus.cxx in Go-oo 2.x and 3.x before 3.0.1,
previously named ooo-build and related to OpenOffice.org (OOo), allow
remote attackers to execute arbitrary code via a crafted EMF+ file, a
similar issue to CVE-2008-2238.
Notes
| Author | Note |
|---|---|
| jdstrand | Patch is patches/emf+/emfΒ±cppcanvas-input-validation.diff, but emfplus.cxx is not included or compiled in Ubuntu 8.10 or 8.04. Debian includes the patch in 2.4.1+dfsg-1+lenny3, but does not apply it anywhere. |
Related
cve
cve
prion
prion
checkpoint_advisories
checkpoint_advisories
OpenOffice EMF File EMR Record Parsing Integer Overflow (CVE-2008-2238)
2010-06-16 00:00:00
securityvulns
securityvulns
iDefense Security Advisory 10.31.08: OpenOffice EMF Record Parsing Multiple Integer Overflow Vulnerabilities
2008-11-02 00:00:00
OpenOffice integer overflow
2008-11-02 00:00:00
openvas
openvas
OpenOffice EMF Files Multiple Buffer Overflow Vulnerabilities (Windows)
2009-09-24 00:00:00
OpenOffice EMF Files Multiple Buffer Overflow Vulnerabilities (Linux)
2009-09-24 00:00:00
OpenOffice EMF Files Multiple Buffer Overflow Vulnerabilities - Windows
2009-09-24 00:00:00
veracode
veracode
Arbitrary Code Execution
2020-04-10 00:29:33
cvelist
cvelist
CVE-2008-2238
2008-10-30 19:19:00
CVE-2009-2140
2009-09-21 19:00:00
ubuntucve
ubuntucve
CVE-2008-2238
2008-10-30 00:00:00
CVE-2009-2139
2009-09-08 00:00:00
nessus
nessus
debian
debian
[Backports-security-announce] Security update for openoffice.org
2008-10-30 10:37:01
[Backports-security-announce] Security update for openoffice.org
2008-10-30 10:38:12
[Backports-security-announce] Security update for openoffice.org
2008-10-30 10:37:01
redhatcve
redhatcve
CVE-2009-2139
2015-10-30 10:16:24
osv
osv
openoffice.org - several vulnerabilities
2008-10-29 00:00:00
centos
centos
openoffice.org security update
2008-11-05 18:54:09
redhat
redhat
(RHSA-2008:0939) Important: openoffice.org security update
2008-11-05 00:00:00
freebsd
freebsd
openoffice -- arbitrary code execution vulnerabilities
2008-10-29 00:00:00
oraclelinux
oraclelinux
openoffice.org security update
2008-11-05 00:00:00
seebug
seebug
OpenOffice WMFεEMFζδ»Άε€ηε ηΌε²εΊζΊ’εΊζΌζ΄
2008-10-31 00:00:00
ubuntu
ubuntu
OpenOffice.org vulnerabilities
2008-11-26 00:00:00
OpenOffice.org Internationalization update
2008-12-23 00:00:00
gentoo
gentoo
OpenOffice.org: Multiple vulnerabilities
2008-12-12 00:00:00
fedora
fedora
[SECURITY] Fedora 9 Update: openoffice.org-2.4.2-18.1.fc9
2008-10-31 10:24:00
[SECURITY] Fedora 8 Update: openoffice.org-2.3.0-6.17.fc8
2008-10-31 10:27:14
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.129 Low
EPSS
Percentile
95.5%
Related for UB:CVE-2009-2140