CVE-2010-2935

Summary

CVE	CVE-2010-2935
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2010-08-25 20:00:00 UTC
Updated	2017-09-19 01:31:00 UTC
Description	simpress.bin in the Impress module in OpenOffice.org (OOo) 2.x and 3.x before 3.3 does not properly handle integer values associated with dictionary property items, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PowerPoint document that triggers a heap-based buffer overflow, related to an "integer truncation error."

Risk And Classification

Problem Types: CWE-189

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Microsoft	Windows	All	All	All	All
Operating System	Microsoft	Windows	All	All	All	All
Application	Openoffice	Openoffice.org	3.2.1	All	All	All
Application	Openoffice	Openoffice.org	3.2.1	All	All	All

References

Reference	Source	Link	Tags
Webmail - OVH	VUPEN	www.vupen.com	Vendor Advisory
OpenOffice.org Mailing List Archives	MLIST	www.openoffice.org
Oracle Critical Patch Update Pre-Release Announcement - January 2011	CONFIRM	www.oracle.com
OpenOffice.org Multiple Vulnerabilities - Advisories - Community	SECUNIA	secunia.com	Vendor Advisory
Advisories \| Mandriva	MANDRIVA	www.mandriva.com
Debian update for openoffice.org - Advisories - Community	SECUNIA	secunia.com
Webmail : Solution de messagerie professionnelle - OVHcloud- OVH	VUPEN	www.vupen.com	Vendor Advisory
Security Advisory SA60799 - Gentoo openoffice Multiple Vulnerabilties - Secunia	SECUNIA	secunia.com
Red Hat update for openoffice.org - Advisories - Community	SECUNIA	secunia.com	Vendor Advisory
Oracle Open Office Two Vulnerabilities - Advisories - Community	SECUNIA	secunia.com
Ubuntu update for openoffice.org - Advisories - Community	SECUNIA	secunia.com
Webmail : Solution de messagerie professionnelle - OVHcloud- OVH	VUPEN	www.vupen.com
Webmail : Solution de messagerie professionnelle - OVHcloud- OVH	VUPEN	www.vupen.com
[security-announce] SUSE Security Summary Report: SUSE-SR:2010:024	SUSE	lists.opensuse.org
CVE-2010-2935	CONFIRM	www.openoffice.org
OpenOffice Bugs in Processing PowerPoint Files Let Remote Users Execute Arbitrary Code - SecurityTracker	SECTRACK	www.securitytracker.com
Bug 622529 – CVE-2010-2935 OpenOffice.Org: Integer truncation error by parsing specially-crafted Microsoft PowerPoint document	CONFIRM	bugzilla.redhat.com
USN-1056-1: OpenOffice.org vulnerabilities \| Ubuntu	UBUNTU	ubuntu.com
Webmail : Solution de messagerie professionnelle - OVHcloud- OVH	VUPEN	www.vupen.com
Gentoo Linux Documentation -- OpenOffice, LibreOffice: Multiple vulnerabilities	GENTOO	www.gentoo.org
oss-security - Re: CVE Request -- OpenOffice.org [two ids]: 1, integer truncation error 2, short integer overflow	MLIST	www.openwall.com
Repository / Oval Repository	OVAL	oval.cisecurity.org
[security-announce] SUSE Security Summary Report: SUSE-SR:2010:019	SUSE	lists.opensuse.org
Debian -- Security Information -- DSA-2099-1 openoffice.org	DEBIAN	www.debian.org
oss-security - CVE Request -- OpenOffice.org [two ids]: 1, integer truncation error 2, short integer overflow	MLIST	www.openwall.com
Webmail - OVH	VUPEN	www.vupen.com
SecurityTracker.com Archives - OpenOffice.org Impress Buffer Overflows Let Remote Users Execute Arbitrary Code	SECTRACK	www.securitytracker.com
rhn.redhat.com \| Red Hat Support	REDHAT	www.redhat.com
securityevaluators.com/files/papers/CrashAnalysis.pdf	MISC	securityevaluators.com
Webmail : Solution de messagerie professionnelle - OVHcloud- OVH	VUPEN	www.vupen.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.