CVE-2010-2935

High

Description

simpress.bin in the Impress module in OpenOffice.org (OOo) 2.x and 3.x before 3.3 does not properly handle integer values associated with dictionary property items, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PowerPoint document that triggers a heap-based buffer overflow, related to an "integer truncation error."

References

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12063

https://bugzilla.redhat.com/show_bug.cgi?id=622529

http://www.vupen.com/english/advisories/2011/0279

http://www.vupen.com/english/advisories/2011/0230

http://www.vupen.com/english/advisories/2011/0150

http://www.vupen.com/english/advisories/2010/2905

http://www.vupen.com/english/advisories/2010/2228

http://www.vupen.com/english/advisories/2010/2149

http://www.vupen.com/english/advisories/2010/2003

http://www.securitytracker.com/id?1024976

http://www.securitytracker.com/id?1024352

http://www.redhat.com/support/errata/RHSA-2010-0643.html

http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html

http://www.openwall.com/lists/oss-security/2010/08/11/4

http://www.openwall.com/lists/oss-security/2010/08/11/1

http://www.openoffice.org/servlets/ReadMsg?list=dev&msgNo=27690

http://www.openoffice.org/security/cves/CVE-2010-2935_CVE-2010-2936.html

http://www.mandriva.com/security/advisories?name=MDVSA-2010:221

http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml

http://www.debian.org/security/2010/dsa-2099

http://ubuntu.com/usn/usn-1056-1

http://securityevaluators.com/files/papers/CrashAnalysis.pdf

http://secunia.com/advisories/60799

http://secunia.com/advisories/43105

http://secunia.com/advisories/42927

http://secunia.com/advisories/41235

http://secunia.com/advisories/41052

http://secunia.com/advisories/40775

http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html

http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html

Details

Source: MITRE, NVD

Published: 2010-08-25

Updated: 2017-09-19

Risk Information

CVSS v2

Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: High