| Vulnerability Name: | CVE-2008-3282 (CCN-44742) | ||||||||||||||||||||
| Assigned: | 2008-08-27 | ||||||||||||||||||||
| Published: | 2008-08-27 | ||||||||||||||||||||
| Updated: | 2017-09-29 | ||||||||||||||||||||
| Summary: | Integer overflow in the rtl_allocateMemory function in sal/rtl/source/alloc_global.c in the memory allocator in OpenOffice.org (OOo) 2.4.1, on 64-bit platforms, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted document, related to a "numeric truncation error," a different vulnerability than CVE-2008-2152. | ||||||||||||||||||||
| CVSS v3 Severity: | 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||||||||||||||||
| CVSS v2 Severity: | 9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C) 7.3 High (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:POC/RL:OF/RC:C)
5.3 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C)
| ||||||||||||||||||||
| Vulnerability Type: | CWE-189 | ||||||||||||||||||||
| Vulnerability Consequences: | Gain Access | ||||||||||||||||||||
| References: | Source: MITRE Type: CNA CVE-2008-3282 Source: CCN Type: RHSA-2008-0835 Important: openoffice.org security update Source: CCN Type: CESA-2008-006 - rev 1 OpenOffice PCX image format crash Source: CCN Type: SA31640 OpenOffice "rtl_allocateMemory()" Truncation Vulnerability Source: SECUNIA Type: UNKNOWN 31640 Source: SECUNIA Type: UNKNOWN 31646 Source: SECUNIA Type: UNKNOWN 31778 Source: CCN Type: SECTRACK ID: 1020764 OpenOffice 64-bit Memory Allocation Error Lets Remote Users Execute Arbitrary Code Source: SECTRACK Type: UNKNOWN 1020764 Source: CCN Type: OpenOffice.org Web site OpenOffice.org: Home Source: CCN Type: OpenOffice.org Issue 91818 PATCH: making pcx import more robust Source: CCN Type: OpenOffice.org Issue 92217 sal/rtl/source/alloc_global.c is not 64bit clean Source: CONFIRM Type: UNKNOWN http://www.openoffice.org/issues/show_bug.cgi?id=92217 Source: REDHAT Type: UNKNOWN RHSA-2008:0835 Source: BID Type: UNKNOWN 30866 Source: CCN Type: BID-30866 OpenOffice 'rtl_allocateMemory()' Remote Code Execution Vulnerability Source: VUPEN Type: UNKNOWN ADV-2008-2449 Source: CONFIRM Type: UNKNOWN https://bugzilla.redhat.com/show_bug.cgi?id=455867 Source: CCN Type: Red Hat Bugzilla Bug 458056 CVE-2008-3282 openoffice.org: numeric truncation error in memory allocator Source: CONFIRM Type: UNKNOWN https://bugzilla.redhat.com/show_bug.cgi?id=458056 Source: XF Type: UNKNOWN openoffice-rtlallocatememory-code-execution(44742) Source: XF Type: UNKNOWN openoffice-rtlallocatememory-code-execution(44742) Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:11345 Source: FEDORA Type: UNKNOWN FEDORA-2008-7680 Source: FEDORA Type: UNKNOWN FEDORA-2008-7531 | ||||||||||||||||||||
| Vulnerable Configuration: | Configuration 1: Configuration RedHat 1: Configuration RedHat 2: Configuration RedHat 3: Configuration RedHat 4: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||||||||||||||
| Oval Definitions | |||||||||||||||||||||
| |||||||||||||||||||||
| BACK | |||||||||||||||||||||