Integer overflow in the XPMReader::ReadXPM function in filter.vcl/ixpm/svt_xpmread.cxx in OpenOffice.org (OOo) before 3.2 allows remote attackers to execute arbitrary code via a crafted XPM file that triggers a heap-based buffer overflow.
Vector
NETWORK
Complexity
MEDIUM
Authentication
NONE
Confidentiality
COMPLETE
Integrity
COMPLETE
Availability
COMPLETE
Sun Microsystems OpenOffice.org 2.2.0
Sun Openoffice.org 2.0.3 (not an official CPE)
Sun Openoffice.org 2.2.1 (not an official CPE)
Sun Microsystems OpenOffice.org 2.3.0
Sun Openoffice.org 2.3.1 (not an official CPE)
Sun Microsystems OpenOffice.org 2.4.0
Sun Microsystems OpenOffice.org 2.4.1
Sun Microsystems OpenOffice.org 3.0.1
Sun Microsystems OpenOffice.org 3.1.0
Sun Microsystems OpenOffice.org 3.1.1
Sun Microsystems OpenOffice.org 2.1.0
Sun Microsystems OpenOffice.org 2.0.0
Sun Microsystems OpenOffice.org 3.0.0
Sun Microsystems OpenOffice.org 2.4.2
Sun Microsystems OpenOffice.org 1.1.0
Sun Openoffice.org 2.4.3 (not an official CPE)