CVE-2009-2139

CWE-119Buffer Overflow8 documents6 sources
Severity
9.3CRITICAL
EPSS
23.8%
top 3.99%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
SUN Openoffice.org
Timeline
PublishedSep 8
Latest updateMay 2

Description

Heap-based buffer overflow in svtools/source/filter.vcl/wmf/enhwmf.cxx in Go-oo 2.x and 3.x before 3.0.1, previously named ooo-build and related to OpenOffice.org (OOo), allows remote attackers to execute arbitrary code via a crafted EMF file, a similar issue to CVE-2008-2238.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

NVDsun/openoffice.org13 versions+12

Patches

Patch: www.debian.orgPatch: www.debian.org

🔴Vulnerability Details

2
GHSA
GHSA-qgh5-q4r2-fwv5: Heap-based buffer overflow in svtools/source/filter2022-05-02
CVEList
CVE-2009-2139: Heap-based buffer overflow in svtools/source/filter2009-09-08

💥Exploits & PoCs

3
Exploit-DB
KSP 2006 FINAL - '.m3u' Universal Local Buffer (SEH)2009-08-24
Exploit-DB
UltraPlayer Media Player 2.112 - Local Buffer Overflow (PoC)2009-08-05
Exploit-DB
Triologic Media Player 7 - '.m3u' Local Heap Buffer Overflow (PoC)2009-01-12

📋Vendor Advisories

2
Ubuntu
OpenOffice.org vulnerabilities2009-10-01
Red Hat
CVE-2009-2139: Heap-based buffer overflow in svtools/source/filter
CVE-2009-2139 (CRITICAL CVSS 9.3) | Heap-based buffer overflow in svtoo | cvebase.io