CVE-2010-3451 — Use After Free in Apache Openoffice

CWE-416 — Use After Free6 documents6 sources

Severity

9.3CRITICALNVD

EPSS

10.9%

top 6.58%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Openoffice Canonical Ubuntu Linux Debian Linux

Timeline

PublishedJan 28

Latest updateMay 13

Description

Use-after-free vulnerability in oowriter in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via malformed tables in an RTF document.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

▶NVDapache/openoffice2.0.0 — 3.3.0

Also affects: Debian Linux 5.0, 6.0, Ubuntu Linux 10.04, 10.10, 8.04, 9.10

🔴Vulnerability Details

GHSA

GHSA-ww39-6r8q-4hxx: Use-after-free vulnerability in oowriter in OpenOffice↗2022-05-13

▶

CVEList

CVE-2010-3451: Use-after-free vulnerability in oowriter in OpenOffice↗2011-01-28

▶

📋Vendor Advisories

Ubuntu

OpenOffice.org vulnerabilities↗2011-02-02

▶

Red Hat

OpenOffice.org: Array index error by insecure parsing of broken rtf tables↗2011-01-26

▶

💬Community

Bugzilla

CVE-2010-3451 OpenOffice.org: Array index error by insecure parsing of broken rtf tables↗2010-10-08

▶