Heap-based buffer overflow in the ole_info_read_metabat function in Gnome Structured File library (libgsf) 1.14.0, and other versions prior to 1.14.2, allows context-dependent malicious users to execute arbitrary code via a large num_metabat value in an OLE document, which causes the ole_init_info function to allocate insufficient memory.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
libgsf libgsf 1.13.2 |
||
libgsf libgsf 1.14 |
||
libgsf libgsf 1.11.1 |
||
libgsf libgsf 1.14.1 |