Home > Vulnerability Database > CVE-2010-2935

Mend.io Vulnerability Database

CVE-2010-2935

Date: August 25, 2010

simpress.bin in the Impress module in OpenOffice.org (OOo) 2.x and 3.x before 3.3 does not properly handle integer values associated with dictionary property items, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PowerPoint document that triggers a heap-based buffer overflow, related to an "integer truncation error."

Severity Score

8.1

Related Resources (34)

Url: http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html

Url: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12063

Url: http://www.openoffice.org/security/cves/CVE-2010-2935_CVE-2010-2936.html

Url: http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html

Url: https://nvd.nist.gov/vuln/detail/CVE-2010-2935

Url: http://www.securitytracker.com/id?1024352

Url: http://secunia.com/advisories/40775

Url: http://www.vupen.com/english/advisories/2011/0230

Url: http://www.vupen.com/english/advisories/2011/0279

Url: http://secunia.com/advisories/43105

Url: http://www.openoffice.org/servlets/ReadMsg?list=dev&msgNo=27690

Url: http://www.securitytracker.com/id?1024976

Url: http://secunia.com/advisories/60799

Url: http://secunia.com/advisories/42927

Url: http://securityevaluators.com/files/papers/CrashAnalysis.pdf

Url: http://www.vupen.com/english/advisories/2010/2003

Url: http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml

Url: http://www.openwall.com/lists/oss-security/2010/08/11/1

Url: http://www.mandriva.com/security/advisories?name=MDVSA-2010:221

Url: http://www.vupen.com/english/advisories/2011/0150

Url: https://bugzilla.redhat.com/show_bug.cgi?id=622529

Url: http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html

Url: http://www.vupen.com/english/advisories/2010/2228

Url: http://www.vupen.com/english/advisories/2010/2149

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2010-2935

Url: http://secunia.com/advisories/41052

Url: http://www.debian.org/security/2010/dsa-2099

Url: http://www.vupen.com/english/advisories/2010/2905

Url: http://www.redhat.com/support/errata/RHSA-2010-0643.html

Url: https://access.redhat.com/security/cve/CVE-2010-2935

Url: http://ubuntu.com/usn/usn-1056-1

Url: http://secunia.com/advisories/41235

Url: http://www.openwall.com/lists/oss-security/2010/08/11/4

Url: https://www.mend.io/vulnerability-database/CVE-2010-2935

Severity Score

8.1

Weakness Type (CWE)

Numeric Errors

CWE-189

CVSS v3.1

Base Score:	8.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

CVSS v2

Base Score:	9.3
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	COMPLETE
Integrity (I):	COMPLETE
Availability (A):	COMPLETE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2010-2935

Date: August 25, 2010

Severity Score

Related Resources (34)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?