CVE - CVE-2006-4514

CVE-ID
CVE-2006-4514	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Heap-based buffer overflow in the ole_info_read_metabat function in Gnome Structured File library (libgsf) 1.14.0, and other versions before 1.14.2, allows context-dependent attackers to execute arbitrary code via a large num_metabat value in an OLE document, which causes the ole_init_info function to allocate insufficient memory.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BID:21358 URL:http://www.securityfocus.com/bid/21358 BUGTRAQ:20061214 rPSA-2006-0232-1 libgsf URL:http://www.securityfocus.com/archive/1/454389/30/9210/threaded CONFIRM:http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf CONFIRM:https://issues.rpath.com/browse/RPL-857 DEBIAN:DSA-1221 URL:http://www.debian.org/security/2006/dsa-1221 GENTOO:GLSA-200612-13 URL:http://security.gentoo.org/glsa/glsa-200612-13.xml IDEFENSE:20061130 Multiple Vendor libgsf Heap Overflow Vulnerability URL:http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=446 MANDRIVA:MDKSA-2006:220 URL:~~http://www.mandriva.com/security/advisories?name=MDKSA-2006:220~~ (Obsolete source) OVAL:oval:org.mitre.oval:def:9413 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9413 REDHAT:RHSA-2007:0011 URL:http://rhn.redhat.com/errata/RHSA-2007-0011.html SECUNIA:23164 URL:http://secunia.com/advisories/23164 SECUNIA:23166 URL:http://secunia.com/advisories/23166 SECUNIA:23167 URL:http://secunia.com/advisories/23167 SECUNIA:23227 URL:http://secunia.com/advisories/23227 SECUNIA:23337 URL:http://secunia.com/advisories/23337 SECUNIA:23352 URL:http://secunia.com/advisories/23352 SECUNIA:23355 URL:http://secunia.com/advisories/23355 SECUNIA:23686 URL:http://secunia.com/advisories/23686 SECUNIA:23920 URL:http://secunia.com/advisories/23920 SGI:20070101-01-P URL:ftp://patches.sgi.com/support/free/security/advisories/20070101-01-P.asc SUSE:SUSE-SA:2006:076 URL:http://lists.suse.com/archive/suse-security-announce/2006-Dec/0005.html UBUNTU:USN-391-1 URL:http://www.ubuntu.com/usn/usn-391-1 VUPEN:ADV-2006-4784 URL:~~http://www.vupen.com/english/advisories/2006/4784~~ (Obsolete source) XF:libgsf-metabat-bo(30611) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/30611
Assigning CNA
MITRE Corporation
Date Record Created
20060831	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20060831)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)