CVE-2010-4253

CWE-787 — Out-of-bounds Write CWE-122 — Heap-based Buffer Overflow6 documents6 sources

Severity

9.3CRITICAL

EPSS

6.2%

top 9.10%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Openoffice Canonical Ubuntu Linux Debian Debian Linux

Timeline

PublishedJan 28

Latest updateMay 13

Description

Heap-based buffer overflow in Impress in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file in an ODF or Microsoft Office document, as demonstrated by a PowerPoint (aka PPT) document.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

▶NVDapache/openoffice2.0.0 — 3.3.0

Also affects: Debian Linux 5.0, 6.0, Ubuntu Linux 10.04, 10.10, 8.04, 9.10

🔴Vulnerability Details

GHSA

GHSA-wcgm-22xw-7g2h: Heap-based buffer overflow in Impress in OpenOffice↗2022-05-13

▶

CVEList

CVE-2010-4253: Heap-based buffer overflow in Impress in OpenOffice↗2011-01-28

▶

📋Vendor Advisories

Ubuntu

OpenOffice.org vulnerabilities↗2011-02-02

▶

Red Hat

OpenOffice.org: heap based buffer overflow in PPT import↗2011-01-26

▶

💬Community

Bugzilla

CVE-2010-4253 OpenOffice.org: heap based buffer overflow in PPT import↗2010-11-29

▶