PT-2006-7581 · Gnome+1 · Libgsf+1

Infamous41Md

Published: 1970-01-01 · Updated: 2018-10-17 · CVE-2006-4514

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

libgsf versions prior to 1.14.2
libgsf-1.10.1
libgsf-1.6.0

Description

The issue is related to a heap-based buffer overflow in the ole_info_read_metabat function in the Gnome Structured File library (libgsf), which allows context-dependent attackers to execute arbitrary code via a large num_metabat value in an OLE document. This can lead to a violation of confidentiality, integrity, and availability of protected information. The exploitation of this issue can be done remotely.

Recommendations

For libgsf versions prior to 1.14.2, update to version 1.14.2 or later to resolve the issue. For libgsf-1.10.1 and libgsf-1.6.0, update to a version that is not affected by this issue, as these specific versions are vulnerable. As a temporary workaround, consider restricting access to the ole_info_read_metabat function until a patch is available.

Fix

Buffer Overflow

Weakness Enumeration

Related Identifiers

BDU:2015-04267
BDU:2015-04268
BDU:2015-04921
BDU:2015-04922
BDU:2015-04923
BDU:2015-04924
BDU:2015-07334
BDU:2015-07335
BDU:2015-07336
BDU:2015-07337
BDU:2015-09532
CVE-2006-4514
DSA-1221-1
RHSA-2007:0011
RHSA-2007_0011

Affected Products

Red Hat
Libgsf