Launchpad CVE tracker

CVE 2009-2950

Heap-based buffer overflow in the GIFLZWDecompressor::GIFLZWDecompressor function in filter.vcl/lgif/decode.cxx in OpenOffice.org (OOo) before 3.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted GIF file, related to LZW decompression.

Related bugs and status

CVE-2009-2950 (Candidate) is related to these bugs:

Bug #450569: [Master] package openoffice.org-emailmerge 1:3.2.0-7ubuntu4.1 failed to install/upgrade:

		In	Importance	Status
450569	[Master] package openoffice.org-emailmerge 1:3.2.0-7ubuntu4.1 failed to install/upgrade:	openoffice.org (Ubuntu)	Critical	Invalid
450569	[Master] package openoffice.org-emailmerge 1:3.2.0-7ubuntu4.1 failed to install/upgrade:	update-manager (Ubuntu)	Undecided	Invalid
450569	[Master] package openoffice.org-emailmerge 1:3.2.0-7ubuntu4.1 failed to install/upgrade:	docvert (Ubuntu)	Undecided	Invalid
450569	[Master] package openoffice.org-emailmerge 1:3.2.0-7ubuntu4.1 failed to install/upgrade:	docvert (Ubuntu Lucid)	Undecided	Invalid
450569	[Master] package openoffice.org-emailmerge 1:3.2.0-7ubuntu4.1 failed to install/upgrade:	openoffice.org (Ubuntu Lucid)	Critical	Fix Released
450569	[Master] package openoffice.org-emailmerge 1:3.2.0-7ubuntu4.1 failed to install/upgrade:	update-manager (Ubuntu Lucid)	Undecided	Invalid
450569	[Master] package openoffice.org-emailmerge 1:3.2.0-7ubuntu4.1 failed to install/upgrade:	docvert (Ubuntu Karmic)	Undecided	Invalid
450569	[Master] package openoffice.org-emailmerge 1:3.2.0-7ubuntu4.1 failed to install/upgrade:	openoffice.org (Ubuntu Karmic)	Critical	Fix Released
450569	[Master] package openoffice.org-emailmerge 1:3.2.0-7ubuntu4.1 failed to install/upgrade:	update-manager (Ubuntu Karmic)	Undecided	Fix Released

Bug #882588: LibreOffice/Mozilla integration broken

Summary				In	Importance	Status
	882588	LibreOffice/Mozilla integration broken		libreoffice (Ubuntu)	Undecided	Fix Released
	882588	LibreOffice/Mozilla integration broken		firefox (Ubuntu)	Undecided	Invalid

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2009-2950

References