CVE-2010-3453

CWE-787Out-of-bounds WriteCWE-122Heap-based Buffer Overflow6 documents6 sources
Severity
9.3CRITICAL
EPSS
7.3%
top 8.31%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Apache OpenofficeCanonical Ubuntu LinuxDebian Debian Linux
Timeline
PublishedJan 28
Latest updateMay 13

Description

The WW8ListManager::WW8ListManager function in oowriter in OpenOffice.org (OOo) 2.x and 3.x before 3.3 does not properly handle an unspecified number of list levels in user-defined list styles in WW8 data in a Microsoft Word document, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted .DOC file that triggers an out-of-bounds write.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

NVDapache/openoffice2.0.03.3.0

Also affects: Debian Linux 5.0, 6.0, Ubuntu Linux 10.04, 10.10, 8.04, 9.10

🔴Vulnerability Details

2
GHSA
GHSA-wmv5-vqx6-3hcq: The WW8ListManager::WW8ListManager function in oowriter in OpenOffice2022-05-13
CVEList
CVE-2010-3453: The WW8ListManager::WW8ListManager function in oowriter in OpenOffice2011-01-28

📋Vendor Advisories

2
Ubuntu
OpenOffice.org vulnerabilities2011-02-02
Red Hat
OpenOffice.org: Heap-based buffer overflow by processing *.doc files with WW8 list styles with specially-crafted count of list levels2011-01-26

💬Community

1
Bugzilla
CVE-2010-3453 OpenOffice.org: Heap-based buffer overflow by processing *.doc files with WW8 list styles with specially-crafted count of list levels2010-10-07
CVE-2010-3453 (CRITICAL CVSS 9.3) | The WW8ListManager::WW8ListManager | cvebase.io