CVSS: 9.3EPSS: 2%CPEs: 3EXPL: 0CVE-2008-3282 – openoffice.org: numeric truncation error in memory allocator (64bit)
https://notcve.org/view.php?id=CVE-2008-3282
Integer overflow in the rtl_allocateMemory function in sal/rtl/source/alloc_global.c in the memory allocator in OpenOffice.org (OOo) 2.4.1, on 64-bit platforms, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted document, related to a "numeric truncation error," a different vulnerability than CVE-2008-2152. Desbordamiento de entero en la función rtl_allocateMemory en sal/rtl/sourcealloc_global.c en el localizador de memoria de OpenOffice.org (OOo) 2.4.1, sobre plataformas 64-bit, permite a atacantes remotos provocar una denegación de servicio (caída de la aplicación) o, posiblemente, ejecución de código arbitrario a través de un documento manipulado, relacionado con "error de truncamiento numérico", es una vulnerabilidad distinta de la CVE-2008-2152. • http://secunia.com/advisories/31640 http://secunia.com/advisories/31646 http://secunia.com/advisories/31778 http://securitytracker.com/id?1020764 http://www.openoffice.org/issues/show_bug.cgi?id=92217 http://www.redhat.com/support/errata/RHSA-2008-0835.html http://www.securityfocus.com/bid/30866 http://www.vupen.com/english/advisories/2008/2449 https://bugzilla.redhat.com/show_bug.cgi?id=455867 https://bugzilla.redhat.com/show_bug.cgi?id=458056 https://exchange.xforce&# • CWE-681: Incorrect Conversion between Numeric Types •
CVSS: 9.3EPSS: 88%CPEs: 10EXPL: 0CVE-2007-2834 – openoffice.org TIFF parsing heap overflow
https://notcve.org/view.php?id=CVE-2007-2834
Integer overflow in the TIFF parser in OpenOffice.org (OOo) before 2.3; and Sun StarOffice 6, 7, and 8 Office Suite (StarSuite); allows remote attackers to execute arbitrary code via a TIFF file with crafted values of unspecified length fields, which triggers allocation of an incorrect amount of memory, resulting in a heap-based buffer overflow. Desbordamiento de enteros en el analizador TIFF en OpenOffice.org (OOo) anterior a la versión 2.3; y Office Suit (StarSuite) de Sun StarOffice versiones 6, 7 y 8 ; permite a los atacantes remotos ejecutar código arbitrario por medio de un archivo TIFF con valores creados de campos de longitud no especificada, lo que desencadena la asignación de una cantidad inapropiada de memoria, resultando en un desbordamiento de búfer en la región heap de la memoria. • http://bugs.gentoo.org/show_bug.cgi?id=192818 http://fedoranews.org/updates/FEDORA-2007-237.shtml http://fedoranews.org/updates/FEDORA-2007-700.shtml http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=593 http://lists.opensuse.org/opensuse-security-announce/2007-09/msg00002.html http://secunia.com/advisories/26816 http://secunia.com/advisories/26817 http://secunia.com/advisories/26839 http://secunia.com/advisories/26844 http://secunia.com/advisories/26855 http:/&# • CWE-190: Integer Overflow or Wraparound •
CVSS: 6.8EPSS: 0%CPEs: 5EXPL: 1CVE-2004-0179 – Neon WebDAV Client Library 0.2x - Format String
https://notcve.org/view.php?id=CVE-2004-0179
Multiple format string vulnerabilities in (1) neon 0.24.4 and earlier, and other products that use neon including (2) Cadaver, (3) Subversion, and (4) OpenOffice, allow remote malicious WebDAV servers to execute arbitrary code. Multiples vulenerabilidades de cadena de formato en (1) neon 0.24.4 y anteriores, y otros productos que usan neon incluyendo (2) Cadaver, (3) Subversion, o (4) OpenOffice, permite a servidores remotos WebDAV maliciosos ejecutar código arbitrario. • https://www.exploit-db.com/exploits/23999 ftp://patches.sgi.com/support/free/security/advisories/20040404-01-U.asc http://lists.suse.com/archive/suse-security-announce/2004-Apr/0002.html http://lists.suse.com/archive/suse-security-announce/2004-Apr/0003.html http://marc.info/?l=bugtraq&m=108213873203477&w=2 http://marc.info/?l=bugtraq&m=108214147022626&w=2 http://secunia.com/advisories/11363 http://security.gentoo.org/glsa/glsa-200405-01.xml http://security.gentoo. • CWE-134: Use of Externally-Controlled Format String •