The Free and Open Productivity Suite
Apache OpenOffice 4.1.7 released

File Format, CVE-2006-3117

File Format

1. Impact:

The buffer overflow allows for a value to be written to an arbitrary location in memory. This may lead to command execution in the context of the current user.

This issue is also described in
CVE-2006-3117 at:,
NGSSoftware Advisory,
Sun Alert 102501,

2. Contributing Factors:

This issue can occur in the following releases: 1.1.x and 2.0.x

3. Symptoms: can crash due to internal buffer overflows when loading a malformed document.

4. Relief/Workaround:


5. Resolution: 1.1.5 Patch, 2.0.3

6. Credits:

Wade Alcorn of NGSSoftware discovered the vulnerability and aided in the explanation/fix.


Security Home -> Bulletin -> CVE-2006-3117

Apache Events

Apache Software Foundation

Copyright & License | Privacy | Contact Us | Donate | Thanks

Apache and the Apache feather logo are trademarks of The Apache Software Foundation. OpenOffice, and the seagull logo are registered trademarks of The Apache Software Foundation. Other names appearing on the site may be trademarks of their respective owners.