Detections
Analytics
CVE-2010-2935
high
Description
simpress.bin in the Impress module in OpenOffice.org (OOo) 2.x and 3.x before 3.3 does not properly handle integer values associated with dictionary property items, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PowerPoint document that triggers a heap-based buffer overflow, related to an "integer truncation error."
References
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12063
https://bugzilla.redhat.com/show_bug.cgi?id=622529
http://www.vupen.com/english/advisories/2011/0279
http://www.vupen.com/english/advisories/2011/0230
http://www.vupen.com/english/advisories/2011/0150
http://www.vupen.com/english/advisories/2010/2905
http://www.vupen.com/english/advisories/2010/2228
http://www.vupen.com/english/advisories/2010/2149
http://www.vupen.com/english/advisories/2010/2003
http://www.securitytracker.com/id?1024976
http://www.securitytracker.com/id?1024352
http://www.redhat.com/support/errata/RHSA-2010-0643.html
http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html
http://www.openwall.com/lists/oss-security/2010/08/11/4
http://www.openwall.com/lists/oss-security/2010/08/11/1
http://www.openoffice.org/servlets/ReadMsg?list=dev&msgNo=27690
http://www.openoffice.org/security/cves/CVE-2010-2935_CVE-2010-2936.html
http://www.mandriva.com/security/advisories?name=MDVSA-2010:221
http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml
http://www.debian.org/security/2010/dsa-2099
http://ubuntu.com/usn/usn-1056-1
http://securityevaluators.com/files/papers/CrashAnalysis.pdf
http://secunia.com/advisories/60799
http://secunia.com/advisories/43105
http://secunia.com/advisories/42927
http://secunia.com/advisories/41235
http://secunia.com/advisories/41052
http://secunia.com/advisories/40775
http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html
http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html