CVE-2006-6120 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Koffice

6 documents6 sources

Severity

6.8MEDIUMNVD

EPSS

6.1%

top 9.21%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

KDE Koffice

Timeline

PublishedDec 3

Latest updateMay 1

Description

Integer overflow in the KPresenter import filter for Microsoft PowerPoint files (filters/olefilters/lib/klaola.cc) in KOffice before 1.6.1 allows user-assisted remote attackers to execute arbitrary code via a crafted PPT file, which results in a heap-based buffer overflow.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages1 packages

▶NVDkde/koffice1.6.1

Patches

Patch: websvn.kde.org ↗Patch: www.koffice.org ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-cfxc-2frq-ppx3: Integer overflow in the KPresenter import filter for Microsoft PowerPoint files (filters/olefilters/lib/klaola↗2022-05-01

▶

CVEList

CVE-2006-6120: Integer overflow in the KPresenter import filter for Microsoft PowerPoint files (filters/olefilters/lib/klaola↗2006-12-03

▶

📋Vendor Advisories

Ubuntu

KOffice vulnerability↗2006-11-29

▶

Red Hat

koffice: update to 1.6.1↗2006-11-29

▶

💬Community

Bugzilla

CVE-2006-6120 koffice integer overflow↗2006-11-29

▶