The Free and Open Productivity Suite
Released: Apache OpenOffice 4.1.15

File Format, CVE-2006-3117

File Format

1. Impact:

The buffer overflow allows for a value to be written to an arbitrary location in memory. This may lead to command execution in the context of the current user.

This issue is also described in
CVE-2006-3117 at:,
NGSSoftware Advisory,
Sun Alert 102501,

2. Contributing Factors:

This issue can occur in the following releases: 1.1.x and 2.0.x

3. Symptoms: can crash due to internal buffer overflows when loading a malformed document.

4. Relief/Workaround:


5. Resolution: 1.1.5 Patch, 2.0.3

6. Credits:

Wade Alcorn of NGSSoftware discovered the vulnerability and aided in the explanation/fix.


Security Home -> Bulletin -> CVE-2006-3117

Apache Software Foundation

Copyright & License | Privacy | Contact Us | Donate | Thanks

Apache, OpenOffice, and the seagull logo are registered trademarks of The Apache Software Foundation. The Apache feather logo is a trademark of The Apache Software Foundation. Other names appearing on the site may be trademarks of their respective owners.