Candidate: CVE-2009-2140
PublicDate: 2009-09-21 19:30:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2140
 http://marc.info/?l=oss-security&m=125258116800739&w=2
 http://marc.info/?l=oss-security&m=125265261125765&w=2
Description:
 Multiple heap-based buffer overflows in
 cppcanvas/source/mtfrenderer/emfplus.cxx in Go-oo 2.x and 3.x before 3.0.1,
 previously named ooo-build and related to OpenOffice.org (OOo), allow
 remote attackers to execute arbitrary code via a crafted EMF+ file, a
 similar issue to CVE-2008-2238.
Ubuntu-Description:
Notes:
 jdstrand> Patch is patches/emf+/emf+-cppcanvas-input-validation.diff, but
  emfplus.cxx is not included or compiled in Ubuntu 8.10 or 8.04. Debian
  includes the patch in 2.4.1+dfsg-1+lenny3, but does not apply it anywhere.
Bugs:
Priority: medium
Discovered-by:
Assigned-to: jdstrand
CVSS: 

Patches_openoffice.org:
 upstream: http://cgit.freedesktop.org/ooo-build/ooo-build/commit/?id=49b4e38571912a7d28c4044e5b2bd57e51c77d55
upstream_openoffice.org: released (3.0.1)
dapper_openoffice.org: ignored (reached end-of-life)
hardy_openoffice.org: not-affected (code not present)
intrepid_openoffice.org: not-affected (code not present)
jaunty_openoffice.org: not-affected (3.0.1-9ubuntu3)
devel_openoffice.org: not-affected