Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntucveUbuntu.comUB:CVE-2010-2935
HistoryAug 25, 2010 - 12:00 a.m.

CVE-2010-2935

2010-08-2500:00:00
ubuntu.com
ubuntu.com
26

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.127 Low

EPSS

Percentile

95.5%

JSON

simpress.bin in the Impress module in OpenOffice.org (OOo) 2.x and 3.x
before 3.3 does not properly handle integer values associated with
dictionary property items, which allows remote attackers to cause a denial
of service (application crash) or possibly execute arbitrary code via a
crafted PowerPoint document that triggers a heap-based buffer overflow,
related to an “integer truncation error.”

Notes

Author Note
mdeslaur protected by heap-protector, downgrading to low
jdstrand libreoffice 1:3.3.4-0ubuntu1 are already fixed
OSVersionArchitecturePackageVersionFilename
ubuntu8.04noarchopenoffice.org< 1:2.4.1-1ubuntu2.5UNKNOWN
ubuntu9.10noarchopenoffice.org< 1:3.1.1-5ubuntu1.3UNKNOWN
ubuntu10.04noarchopenoffice.org< 1:3.2.0-7ubuntu4.2UNKNOWN
ubuntu10.10noarchopenoffice.org< 1:3.2.1-7ubuntu1.1UNKNOWN

Related

cvelist 1
prion 1
nvd 1
cve 1
oraclelinux 1
nessus 23
securityvulns 3
openvas 17
centos 1
redhat 1
debian 4
kaspersky 1
ubuntu 1
fedora 1
freebsd 1
gentoo 1
oracle 1
cvelist
cvelist
CVE-2010-2935
2010-08-25 19:00:00
prion
prion
Heap overflow
2010-08-25 20:00:00
nvd
nvd
CVE-2010-2935
2010-08-25 20:00:17
cve
cve
CVE-2010-2935
2010-08-25 20:00:17
oraclelinux
oraclelinux
openoffice.org security update
2010-08-23 00:00:00
nessus
nessus
Scientific Linux Security Update : openoffice.org on SL3.x i386/x86_64
2012-08-01 00:00:00
Scientific Linux Security Update : openoffice.org on SL4.x i386/x86_64
2012-08-01 00:00:00
SuSE 10 Security Update : OpenOffice_org (ZYPP Patch Number 7148)
2011-01-27 00:00:00
securityvulns
securityvulns
OpenOffice integer overflows
2010-08-31 00:00:00
[SECURITY] [DSA 2099-1] New OpenOffice.org packages fix arbitrary code execution
2010-08-31 00:00:00
Oracle / Sun / Peoplesoft / Open Office applications multiple security vulnerabilities
2011-02-26 00:00:00
openvas
openvas
RedHat Update for openoffice.org RHSA-2010:0643-01
2010-08-30 00:00:00
CentOS Update for openoffice.org CESA-2010:0643 centos4 i386
2010-08-30 00:00:00
CentOS Update for openoffice.org CESA-2010:0643 centos3 i386
2010-08-30 00:00:00
centos
centos
openoffice.org, openoffice.org2 security update
2010-08-25 13:52:49
redhat
redhat
(RHSA-2010:0643) Important: openoffice.org security update
2010-08-23 00:00:00
debian
debian
Security update for openoffice.org
2010-09-12 19:39:12
Security update for openoffice.org
2010-09-07 16:34:51
Security update for openoffice.org
2010-09-07 16:34:51
kaspersky
kaspersky
KLA10280 DoS vulnerability in OpenOffice.org
2010-08-25 00:00:00
ubuntu
ubuntu
OpenOffice.org vulnerabilities
2011-02-02 00:00:00
fedora
fedora
[SECURITY] Fedora 13 Update: openoffice.org-3.2.0-12.35.fc13
2011-02-17 00:50:23
freebsd
freebsd
openoffice.org -- Multiple vulnerabilities
2010-08-04 00:00:00
gentoo
gentoo
OpenOffice, LibreOffice: Multiple vulnerabilities
2014-08-31 00:00:00
oracle
oracle
Oracle Critical Patch Update - January 2011
2011-01-18 00:00:00

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.127 Low

EPSS

Percentile

95.5%

JSON
Related for UB:CVE-2010-2935
cvelist1prion1nvd1cve1oraclelinux1nessus23securityvulns3openvas17centos1redhat1debian4kaspersky1ubuntu1fedora1freebsd1gentoo1oracle1