漏洞信息详情
Sun OpenOffice.org filter.vcl/lgif/decode.cxx堆溢出漏洞
- CNNVD编号:CNNVD-201002-156
- 危害等级: 中危
- CVE编号: CVE-2009-2950
- 漏洞类型: 缓冲区错误
- 发布时间: 2010-02-16
- 威胁类型: 远程
- 更新时间: 2022-02-09
- 厂 商: sun
- 漏洞来源: Sebastian Apelt of...
漏洞简介
OpenOffice.org(OOo)是美国阿帕奇(Apache)软件基金会的一款开源的办公软件套件。该套件包含文本文档、电子表格、演示文稿、绘图、数据库等。
OpenOffice.org程序filter.vcl/lgif/decode.cxx函数GIFLZWDecompressor::GIFLZWDecompressor存在堆溢出漏洞。远程攻击者可以通过特制的GIF文件,导致拒绝服务,执行任意代码。该漏洞与LZW解压缩相关。
漏洞公告
目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接:
http://www.openoffice.org/
参考网址
来源:UBUNTU
链接:http://www.ubuntu.com/usn/USN-903-1
来源:SUSE
链接:http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00005.HTML
来源:VUPEN
链接:http://www.vupen.com/english/advisories/2010/0366
来源:CERT
链接:http://www.us-cert.gov/cas/techalerts/TA10-287A.HTML
来源:SECUNIA
链接:http://secunia.com/advisories/41818
来源:CONFIRM
链接:http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.HTML
来源:BID
链接:https://www.securityfocus.com/bid/38218
来源:REDHAT
链接:http://www.redhat.com/support/errata/RHSA-2010-0101.HTML
来源:OVAL
链接:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11050
来源:DEBIAN
链接:https://www.debian.org/security/2010/dsa-1995
来源:VUPEN
链接:http://www.vupen.com/english/advisories/2010/0635
来源:SECUNIA
链接:http://secunia.com/advisories/38695
来源:GENTOO
链接:http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml
来源:CONFIRM
链接:http://www.openoffice.org/security/bulletin.HTML
来源:SECTRACK
链接:http://securitytracker.com/id?1023591
来源:CONFIRM
链接:https://bugzilla.redhat.com/show_bug.cgi?id=527512
来源:SECUNIA
链接:http://secunia.com/advisories/38568
来源:SECUNIA
链接:http://secunia.com/advisories/38567
来源:CONFIRM
链接:http://www.openoffice.org/security/cves/CVE-2009-2950.HTML
来源:XF
链接:https://exchange.xforce.ibmcloud.com/vulnerabilities/56238
来源:SECUNIA
链接:http://secunia.com/advisories/38921
来源:SECUNIA
链接:http://secunia.com/advisories/60799
来源:MANDRIVA
链接:http://www.mandriva.com/security/advisories?name=MDVSA-2010:221
来源:VUPEN
链接:http://www.vupen.com/english/advisories/2010/2905
受影响实体
- Sun Openoffice.Org:2.0.3
- Sun Openoffice.Org:2.0.0
- Sun Openoffice.Org:2.2.1
- Sun Openoffice.Org:2.2.0
- Sun Openoffice.Org:2.3.1
补丁
- OOo_3.2.1_Linux_x86_install-deb_zh-CN
- OOo_3.2.0_Solaris_x86_install-wJRE_zh-CN
- OOo_3.2.1_Linux_x86_install-rpm-wJRE_zh-CN
- OOo_3.2.0_MacOS_x86_install_zh-CN
- OOo_3.2.1_Win_x86_install-wJRE_zh-CN
评论