Upstream information

CVE-2006-4514 at MITRE

Description

Heap-based buffer overflow in the ole_info_read_metabat function in Gnome Structured File library (libgsf) 1.14.0, and other versions before 1.14.2, allows context-dependent attackers to execute arbitrary code via a large num_metabat value in an OLE document, which causes the ole_init_info function to allocate insufficient memory.

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having important severity.

CVSS v2 Scores
  National Vulnerability Database
Base Score 7.5
Vector AV:N/AC:L/Au:N/C:P/I:P/A:P
Access Vector Network
Access Complexity Low
Authentication None
Confidentiality Impact Partial
Integrity Impact Partial
Availability Impact Partial
SUSE Bugzilla entry: 225199 [RESOLVED / FIXED]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SuSE Linux Desktop 1.0
  • libgsf >= 1.6.0-163
sles10.s390x
core9.s390
sled10.x86
core9.x86
ZYPP Patch Nr: 2363
Novell Linux Desktop 9 for x86
  • libgsf >= 1.11.1-2.3
sles10.s390x
core9.s390
sled10.x86
core9.x86
ZYPP Patch Nr: 2363
Novell Linux Desktop 9 for x86_64
  • libgsf >= 1.11.1-2.3
  • libgsf-32bit >= 9-200612081114
sles10.s390x
core9.s390
sled10.x86
core9.x86
ZYPP Patch Nr: 2363
Open Enterprise Server
  • libgsf >= 1.8.2-164.3
sles10.s390x
core9.s390
sled10.x86
core9.x86
ZYPP Patch Nr: 2363
SUSE LINUX 10.0
  • libgsf >= 1.12.1-3.2
  • libgsf-32bit >= 1.12.1-3.2
  • libgsf-64bit >= 1.12.1-3.2
SUSE LINUX 10.1
  • libgsf >= 1.13.99-13.7
  • libgsf-32bit >= 1.13.99-13.7
  • libgsf-64bit >= 1.13.99-13.7
SUSE LINUX 9.3
  • libgsf >= 1.11.1-4.2
  • libgsf-32bit >= 9.3-7.1