Vulnerability Description
The StgCompObjStream::Load function in OpenOffice.org OpenOffice 1.1.4 and earlier allocates memory based on 16 bit length values, but process memory using 32 bit values, which allows remote attackers to cause a denial of service and possibly execute arbitrary code via a DOC document with certain length values, which leads to a heap-based buffer overflow.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Openoffice | Openoffice | 1.0.1 |
References
- http://secunia.com/advisories/17027
- http://www.gentoo.org/security/en/glsa/glsa-200504-13.xml
- http://www.novell.com/linux/security/advisories/2005_21_sr.html
- http://www.openoffice.org/issues/show_bug.cgi?id=46388
- http://www.redhat.com/support/errata/RHSA-2005-375.html
- http://www.securityfocus.com/archive/1/395516
- http://www.securityfocus.com/bid/13092
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
- http://secunia.com/advisories/17027
- http://www.gentoo.org/security/en/glsa/glsa-200504-13.xml
- http://www.novell.com/linux/security/advisories/2005_21_sr.html
- http://www.openoffice.org/issues/show_bug.cgi?id=46388
- http://www.redhat.com/support/errata/RHSA-2005-375.html
- http://www.securityfocus.com/archive/1/395516
- http://www.securityfocus.com/bid/13092
FAQ
What is CVE-2005-0941?
CVE-2005-0941 is a vulnerability with a CVSS score of 5.1 (MEDIUM). The StgCompObjStream::Load function in OpenOffice.org OpenOffice 1.1.4 and earlier allocates memory based on 16 bit length values, but process memory using 32 bit values, which allows remote attackers...
How severe is CVE-2005-0941?
CVE-2005-0941 has been rated MEDIUM with a CVSS base score of 5.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2005-0941?
Check the references section above for vendor advisories and patch information. Affected products include: Openoffice Openoffice.