Page 10 of 64 results (0.021 seconds)

CVSS: 9.3EPSS: 17%CPEs: 7EXPL: 0

Integer overflow in the XPMReader::ReadXPM function in filter.vcl/ixpm/svt_xpmread.cxx in OpenOffice.org (OOo) before 3.2 allows remote attackers to execute arbitrary code via a crafted XPM file that triggers a heap-based buffer overflow. Desbordamiento de enteros en la función XPMReader::ReadXPM en filter.vcl/ixpm/svt_xpmread.cxx en OpenOffice.org (OOo) anterior v3.2 permite a atacantes remotos ejecutar código de su elección a través de un fichero XPM manipulado que provoca un desbordamiento de buffer basado en pila. • http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00005.html http://secunia.com/advisories/38567 http://secunia.com/advisories/38568 http://secunia.com/advisories/38695 http://secunia.com/advisories/38921 http://secunia.com/advisories/41818 http://secunia.com/advisories/60799 http://securitytracker.com/id?1023591 http://www.debian.org/security/2010/dsa-1995 http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml http://www.mandriva.com/security/advisories?name& • CWE-190: Integer Overflow or Wraparound •

CVSS: 9.3EPSS: 8%CPEs: 7EXPL: 0

Heap-based buffer overflow in the GIFLZWDecompressor::GIFLZWDecompressor function in filter.vcl/lgif/decode.cxx in OpenOffice.org (OOo) before 3.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted GIF file, related to LZW decompression. Desbordamiento de búfer basado en pila en la función GIFLZWDecompressor::GIFLZWDecompressor en filter.vcl/lgif/decode.cxx en OpenOffice.org (OOo) anterior v3.2 permite a atacantes remotos causar una denegación de servicio (caída de aplicación) o probablemente ejecutar código de su elección a través de un fichero GIF manipulado, relacionado con la d escompresión LZW. • http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00005.html http://secunia.com/advisories/38567 http://secunia.com/advisories/38568 http://secunia.com/advisories/38695 http://secunia.com/advisories/38921 http://secunia.com/advisories/41818 http://secunia.com/advisories/60799 http://securitytracker.com/id?1023591 http://www.debian.org/security/2010/dsa-1995 http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml http://www.mandriva.com/security/advisories?name& • CWE-787: Out-of-bounds Write •

CVSS: 9.3EPSS: 51%CPEs: 7EXPL: 0

Integer underflow in filter/ww8/ww8par2.cxx in OpenOffice.org (OOo) before 3.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted sprmTDefTable table property modifier in a Word document. Desbordamiento de enteros en filter/ww8/ww8par2.cxx en OpenOffice.org (OOo) anterior v3.2 permite a atacantes remotos causar una denegación de servicio (caída aplicación) o probablemente ejecutar código de su elección a través de una tabla modificadora de propiedades sprmTDefTable manipulada en un documento Word. • http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00005.html http://secunia.com/advisories/38567 http://secunia.com/advisories/38568 http://secunia.com/advisories/38695 http://secunia.com/advisories/38921 http://secunia.com/advisories/41818 http://secunia.com/advisories/60799 http://securitytracker.com/id?1023591 http://www.debian.org/security/2010/dsa-1995 http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml http://www.mandriva.com/security/advisories?name& • CWE-191: Integer Underflow (Wrap or Wraparound) •

CVSS: 9.3EPSS: 4%CPEs: 3EXPL: 0

Integer overflow in the rtl_allocateMemory function in sal/rtl/source/alloc_global.c in the memory allocator in OpenOffice.org (OOo) 2.4.1, on 64-bit platforms, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted document, related to a "numeric truncation error," a different vulnerability than CVE-2008-2152. Desbordamiento de entero en la función rtl_allocateMemory en sal/rtl/sourcealloc_global.c en el localizador de memoria de OpenOffice.org (OOo) 2.4.1, sobre plataformas 64-bit, permite a atacantes remotos provocar una denegación de servicio (caída de la aplicación) o, posiblemente, ejecución de código arbitrario a través de un documento manipulado, relacionado con "error de truncamiento numérico", es una vulnerabilidad distinta de la CVE-2008-2152. • http://secunia.com/advisories/31640 http://secunia.com/advisories/31646 http://secunia.com/advisories/31778 http://securitytracker.com/id?1020764 http://www.openoffice.org/issues/show_bug.cgi?id=92217 http://www.redhat.com/support/errata/RHSA-2008-0835.html http://www.securityfocus.com/bid/30866 http://www.vupen.com/english/advisories/2008/2449 https://bugzilla.redhat.com/show_bug.cgi?id=455867 https://bugzilla.redhat.com/show_bug.cgi?id=458056 https://exchange.xforce&# • CWE-681: Incorrect Conversion between Numeric Types •

CVSS: 4.4EPSS: 0%CPEs: 3EXPL: 0

Untrusted search path vulnerability in a certain Red Hat build script for OpenOffice.org (OOo) 1.1.x on Red Hat Enterprise Linux (RHEL) 3 and 4 allows local users to gain privileges via a malicious library in the current working directory, related to incorrect quoting of the ORIGIN symbol for use in the RPATH library path. Vulnerabilidad de búsqueda de ruta no confiable en ciertas secuencias de comandos web usadas para "construir" OpenOffice.org (OOo) 1.1.x sobre Red Hat Enterprise Linux (RHEL) 3 y 4, permite a usuarios locales elevar sus privilegios a través de una biblioteca maliciosa en el directorio actual de trabajo en relación a un entrecomillado incorrecto del símbolo ORIGIN para su uso en la ruta de la biblioteca RPATH. • http://secunia.com/advisories/30633 http://securitytracker.com/id?1020278 http://www.redhat.com/support/errata/RHSA-2008-0538.html http://www.securityfocus.com/bid/29695 https://bugzilla.redhat.com/show_bug.cgi?id=450532 https://exchange.xforce.ibmcloud.com/vulnerabilities/43322 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11361 https://access.redhat.com/security/cve/CVE-2008-2366 • CWE-16: Configuration •