ByteOS Network

NVD Vulnerability Details :

CVE-2006-4514

Modified

Source-cve@mitre.org

Published At-30 Nov, 2006 | 23:28

Updated At-17 Oct, 2018 | 21:37

Heap-based buffer overflow in the ole_info_read_metabat function in Gnome Structured File library (libgsf) 1.14.0, and other versions before 1.14.2, allows context-dependent attackers to execute arbitrary code via a large num_metabat value in an OLE document, which causes the ole_init_info function to allocate insufficient memory.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	2.0	7.5	HIGH	AV:N/AC:L/Au:N/C:P/I:P/A:P

Type: Primary

Version: 2.0

Base score: 7.5

Base severity: HIGH

Vector:

AV:N/AC:L/Au:N/C:P/I:P/A:P

CPE Matches

libgsf>>libgsf>>1.11.1

cpe:2.3:a:libgsf:libgsf:1.11.1:*:*:*:*:*:*:*

libgsf>>libgsf>>1.13.2

cpe:2.3:a:libgsf:libgsf:1.13.2:*:*:*:*:*:*:*

libgsf>>libgsf>>1.14

cpe:2.3:a:libgsf:libgsf:1.14:*:*:*:*:*:*:*

libgsf>>libgsf>>1.14.1

cpe:2.3:a:libgsf:libgsf:1.14.1:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-119	Primary	nvd@nist.gov

CWE ID: CWE-119

Type: Primary

Source: nvd@nist.gov

Vendor Statements

Organization : Red Hat

Last Modified : 2007-03-14T00:00:00

Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.

References

Hyperlink	Source	Resource
ftp://patches.sgi.com/support/free/security/advisories/20070101-01-P.asc	cve@mitre.org	N/A
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=446	cve@mitre.org	Vendor Advisory
http://lists.suse.com/archive/suse-security-announce/2006-Dec/0005.html	cve@mitre.org	N/A
http://rhn.redhat.com/errata/RHSA-2007-0011.html	cve@mitre.org	Vendor Advisory
http://secunia.com/advisories/23164	cve@mitre.org	Vendor Advisory
http://secunia.com/advisories/23166	cve@mitre.org	Vendor Advisory
http://secunia.com/advisories/23167	cve@mitre.org	Vendor Advisory
http://secunia.com/advisories/23227	cve@mitre.org	Vendor Advisory
http://secunia.com/advisories/23337	cve@mitre.org	Vendor Advisory
http://secunia.com/advisories/23352	cve@mitre.org	Vendor Advisory
http://secunia.com/advisories/23355	cve@mitre.org	Vendor Advisory
http://secunia.com/advisories/23686	cve@mitre.org	Vendor Advisory
http://secunia.com/advisories/23920	cve@mitre.org	Vendor Advisory
http://security.gentoo.org/glsa/glsa-200612-13.xml	cve@mitre.org	N/A
http://www.debian.org/security/2006/dsa-1221	cve@mitre.org	Patch Vendor Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2006:220	cve@mitre.org	N/A
http://www.securityfocus.com/archive/1/454389/30/9210/threaded	cve@mitre.org	N/A
http://www.securityfocus.com/bid/21358	cve@mitre.org	Patch
http://www.ubuntu.com/usn/usn-391-1	cve@mitre.org	N/A
http://www.vupen.com/english/advisories/2006/4784	cve@mitre.org	Vendor Advisory
http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf	cve@mitre.org	N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/30611	cve@mitre.org	N/A
https://issues.rpath.com/browse/RPL-857	cve@mitre.org	N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9413	cve@mitre.org	N/A