oss-sec mailing list archives

Re: OpenOffice.org CVE-2009-2139


From: "Steven M. Christey" <coley () linus mitre org>
Date: Mon, 21 Sep 2009 14:42:20 -0400 (EDT)


On Thu, 10 Sep 2009, Thomas Biege wrote:

CVE-2009-2139

Manipulated EMF files can lead to heap overflows and arbitrary code
execution

    * Synopsis: Manipulated EMF files can lead to heap overflows and
                arbitrary code execution
    * State: Resolved

We recently created CVE-2009-3239 to address an OpenOffice overflow in
enhwmf.cxx/emfplus.cxx, as described in SUSE-SR:2009:015:

  "This update of OpenOffice.org fixes potential buffer overflow in EMF
   parser code (enhwmf.cxx, emfplus.cxx)."

http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00001.html

Is CVE-2009-3239 a duplicate of CVE-2009-2139?

(If so, we would probably keep CVE-2009-2139 and remove CVE-2009-3239.)

- Steve

