CVE-2010-4253
OpenOffice.org: heap based buffer overflow in PPT import
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Heap-based buffer overflow in Impress in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file in an ODF or Microsoft Office document, as demonstrated by a PowerPoint (aka PPT) document.
Desbordamiento de búfer basado en memoria dinámica en Impress en OpenOffice.org (OOo) v2.x y v3.x anteriores a v3.3 permite a atacantes remotos provocar una denegación de servicio (caída de la aplicación) y posiblemente ejecutar código arbitrario a través de un fichero PNG manipulado en un fichero ODF o Microsoft Office, como se demostró por un documento PowerPoint (también conocido como PPT).
Multiple vulnerabilities have been addressed in OpenOffice. Charlie Miller discovered several heap overflows in PPT processing. Marc Schoenefeld discovered that directory traversal was not correctly handled in XSLT, OXT, JAR, or ZIP files. Dan Rosenberg discovered multiple heap overflows in RTF and DOC processing. Dmitri Gribenko discovered that OpenOffice.org did not correctly handle LD_LIBRARY_PATH in various tools. Marc Schoenefeld discovered that OpenOffice.org did not correctly process PNG images. It was discovered that OpenOffice.org did not correctly process TGA images.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2010-11-16 CVE Reserved
- 2011-01-26 CVE Published
- 2024-08-07 CVE Updated
- 2025-04-03 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-122: Heap-based Buffer Overflow
- CWE-787: Out-of-bounds Write
CAPEC
References (20)
| URL | Tag | Source |
|---|---|---|
| http://osvdb.org/70717 | Broken Link | |
| http://secunia.com/advisories/40775 | Broken Link | |
| http://secunia.com/advisories/42999 | Broken Link | |
| http://secunia.com/advisories/43065 | Broken Link | |
| http://secunia.com/advisories/43105 | Broken Link | |
| http://secunia.com/advisories/60799 | Broken Link | |
| http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html | Third Party Advisory |
|
| http://www.securityfocus.com/bid/46031 | Broken Link | |
| http://www.securitytracker.com/id?1025002 | Broken Link | |
| http://www.vupen.com/english/advisories/2011/0279 | Broken Link |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://ubuntu.com/usn/usn-1056-1 | 2023-02-13 | |
| http://www.debian.org/security/2011/dsa-2151 | 2023-02-13 | |
| http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml | 2023-02-13 | |
| http://www.mandriva.com/security/advisories?name=MDVSA-2011:027 | 2023-02-13 | |
| http://www.openoffice.org/security/cves/CVE-2010-4253.html | 2023-02-13 | |
| http://www.redhat.com/support/errata/RHSA-2011-0182.html | 2023-02-13 | |
| http://www.vupen.com/english/advisories/2011/0230 | 2023-02-13 | |
| http://www.vupen.com/english/advisories/2011/0232 | 2023-02-13 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=658259 | 2011-01-28 | |
| https://access.redhat.com/security/cve/CVE-2010-4253 | 2011-01-28 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Apache Search vendor "Apache" | Openoffice Search vendor "Apache" for product "Openoffice" | >= 2.0.0 < 3.3.0 Search vendor "Apache" for product "Openoffice" and version " >= 2.0.0 < 3.3.0" | - |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 8.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "8.04" | - |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 9.10 Search vendor "Canonical" for product "Ubuntu Linux" and version "9.10" | - |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 10.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "10.04" | - |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 10.10 Search vendor "Canonical" for product "Ubuntu Linux" and version "10.10" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 5.0 Search vendor "Debian" for product "Debian Linux" and version "5.0" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 6.0 Search vendor "Debian" for product "Debian Linux" and version "6.0" | - |
Affected
| ||||||