CVE-2010-2935

EUVD-2010-2939
simpress.bin in the Impress module in OpenOffice.org (OOo) 2.x and 3.x before 3.3 does not properly handle integer values associated with dictionary property items, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PowerPoint document that triggers a heap-based buffer overflow, related to an "integer truncation error."
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:C/I:C/A:C
Base Score
CVSS 3.x
EPSS Score
Percentile: 91%
Affected Products (NVD)
VendorProductVersion
openofficeopenoffice.org
3.2.1
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
libreoffice
dapper
dne
hardy
dne
intrepid
dne
jaunty
dne
karmic
dne
lucid
dne
maverick
dne
natty
not-affected
oneiric
not-affected
precise
not-affected
openoffice.org
dapper
ignored
hardy
Fixed 1:2.4.1-1ubuntu2.5
released
jaunty
ignored
karmic
Fixed 1:3.1.1-5ubuntu1.3
released
lucid
Fixed 1:3.2.0-7ubuntu4.2
released
maverick
Fixed 1:3.2.1-7ubuntu1.1
released
natty
not-affected
oneiric
not-affected
precise
not-affected
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html
http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html
http://secunia.com/advisories/40775
http://secunia.com/advisories/41052
http://secunia.com/advisories/41235
http://secunia.com/advisories/42927
http://secunia.com/advisories/43105
http://secunia.com/advisories/60799
http://securityevaluators.com/files/papers/CrashAnalysis.pdf
http://ubuntu.com/usn/usn-1056-1
http://www.debian.org/security/2010/dsa-2099
http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2010:221
http://www.openoffice.org/security/cves/CVE-2010-2935_CVE-2010-2936.html
http://www.openoffice.org/servlets/ReadMsg?list=dev&msgNo=27690
http://www.openwall.com/lists/oss-security/2010/08/11/1
http://www.openwall.com/lists/oss-security/2010/08/11/4
http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html
http://www.redhat.com/support/errata/RHSA-2010-0643.html
http://www.securitytracker.com/id?1024352
http://www.securitytracker.com/id?1024976
http://www.vupen.com/english/advisories/2010/2003
http://www.vupen.com/english/advisories/2010/2149
http://www.vupen.com/english/advisories/2010/2228
http://www.vupen.com/english/advisories/2010/2905
http://www.vupen.com/english/advisories/2011/0150
http://www.vupen.com/english/advisories/2011/0230
http://www.vupen.com/english/advisories/2011/0279
https://bugzilla.redhat.com/show_bug.cgi?id=622529
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12063
http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html
http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html
http://secunia.com/advisories/40775
http://secunia.com/advisories/41052
http://secunia.com/advisories/41235
http://secunia.com/advisories/42927
http://secunia.com/advisories/43105
http://secunia.com/advisories/60799
http://securityevaluators.com/files/papers/CrashAnalysis.pdf
http://ubuntu.com/usn/usn-1056-1
http://www.debian.org/security/2010/dsa-2099
http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2010:221
http://www.openoffice.org/security/cves/CVE-2010-2935_CVE-2010-2936.html
http://www.openoffice.org/servlets/ReadMsg?list=dev&msgNo=27690
http://www.openwall.com/lists/oss-security/2010/08/11/1
http://www.openwall.com/lists/oss-security/2010/08/11/4
http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html
http://www.redhat.com/support/errata/RHSA-2010-0643.html
http://www.securitytracker.com/id?1024352
http://www.securitytracker.com/id?1024976
http://www.vupen.com/english/advisories/2010/2003
http://www.vupen.com/english/advisories/2010/2149
http://www.vupen.com/english/advisories/2010/2228
http://www.vupen.com/english/advisories/2010/2905
http://www.vupen.com/english/advisories/2011/0150
http://www.vupen.com/english/advisories/2011/0230
http://www.vupen.com/english/advisories/2011/0279
https://bugzilla.redhat.com/show_bug.cgi?id=622529
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12063