Launchpad CVE tracker

CVE 2005-0941

The StgCompObjStream::Load function in OpenOffice.org OpenOffice 1.1.4 and earlier allocates memory based on 16 bit length values, but process memory using 32 bit values, which allows remote attackers to cause a denial of service and possibly execute arbitrary code via a DOC document with certain length values, which leads to a heap-based buffer overflow.

Related bugs and status

CVE-2005-0941 (Candidate) is related to these bugs:

Bug #15434: CAN-2005-0941: "OpenOffice DOC document Heap Overflow"

Summary				In	Importance	Status
	15434	CAN-2005-0941: "OpenOffice DOC document Heap Overflow"		openoffice.org (Ubuntu)	High	Fix Released
	15434	CAN-2005-0941: "OpenOffice DOC document Heap Overflow"		openoffice.org (Debian)	Unknown	Fix Released

Bug #15461: openoffice.org: Invalid range checking in DOC header parsing leading to possible heap overflow

Summary				In	Importance	Status
	15461	openoffice.org: Invalid range checking in DOC header parsing leading to possible heap overflow		openoffice.org (Ubuntu)	High	Invalid
	15461	openoffice.org: Invalid range checking in DOC header parsing leading to possible heap overflow		openoffice.org (Debian)	Unknown	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2005-0941

References