CVE-2010-3452 — Use After Free in Apache Openoffice

CWE-416 — Use After Free6 documents6 sources

Severity

9.3CRITICALNVD

EPSS

10.9%

top 6.58%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Openoffice Canonical Ubuntu Linux Debian Linux

Timeline

PublishedJan 28

Latest updateMay 13

Description

Use-after-free vulnerability in oowriter in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted tags in an RTF document.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

▶NVDapache/openoffice2.0.0 — 3.3.0

Also affects: Debian Linux 5.0, 6.0, Ubuntu Linux 10.04, 10.10, 8.04, 9.10

🔴Vulnerability Details

GHSA

GHSA-v789-4vxg-r248: Use-after-free vulnerability in oowriter in OpenOffice↗2022-05-13

▶

CVEList

CVE-2010-3452: Use-after-free vulnerability in oowriter in OpenOffice↗2011-01-28

▶

📋Vendor Advisories

Ubuntu

OpenOffice.org vulnerabilities↗2011-02-02

▶

Red Hat

OpenOffice.org: Integer signedness error (crash) by processing certain RTF tags↗2011-01-26

▶

💬Community

Bugzilla

CVE-2010-3452 OpenOffice.org: Integer signedness error (crash) by processing certain RTF tags↗2010-10-05

▶