CVE-2005-0941

Publication date 2 May 2005

Last updated 24 July 2024

Ubuntu priority

The StgCompObjStream::Load function in OpenOffice.org OpenOffice 1.1.4 and earlier allocates memory based on 16 bit length values, but process memory using 32 bit values, which allows remote attackers to cause a denial of service and possibly execute arbitrary code via a DOC document with certain length values, which leads to a heap-based buffer overflow.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
openoffice.org	7.04 feisty	Not affected
	6.10 edgy	Not affected
	6.06 LTS dapper	Not affected
openoffice.org-l10n	7.04 feisty	Fixed 2.0.2-2ubuntu5
	6.10 edgy	Fixed 2.0.2-2ubuntu5
	6.06 LTS dapper	Fixed 2.0.2-2ubuntu5

How can I get the fixes?
What do statuses mean?

References

MITRE
NVD
Launchpad
Debian

Related Ubuntu Security Notices (USN)

USN-121-1
OpenOffice.org vulnerability
6 May 2005

Other references

https://www.cve.org/CVERecord?id=CVE-2005-0941