CVE-2010-4643 — Out-of-bounds Write in Apache Openoffice

CWE-787 — Out-of-bounds Write CWE-122 — Heap-based Buffer Overflow6 documents6 sources

Severity

9.3CRITICALNVD

EPSS

4.2%

top 11.28%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Openoffice

Timeline

PublishedJan 28

Latest updateMay 13

Description

Heap-based buffer overflow in Impress in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Truevision TGA (TARGA) file in an ODF or Microsoft Office document.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

▶NVDapache/openoffice2.0.0 — 3.3.0

🔴Vulnerability Details

GHSA

GHSA-v68x-7337-q528: Heap-based buffer overflow in Impress in OpenOffice↗2022-05-13

▶

CVEList

CVE-2010-4643: Heap-based buffer overflow in Impress in OpenOffice↗2011-01-28

▶

📋Vendor Advisories

Ubuntu

OpenOffice.org vulnerabilities↗2011-02-02

▶

Red Hat

OpenOffice.org: heap based buffer overflow when parsing TGA files↗2011-01-26

▶

💬Community

Bugzilla

CVE-2010-4643 OpenOffice.org: heap based buffer overflow when parsing TGA files↗2011-01-06

▶