CVE-2010-4643
OpenOffice.org: heap based buffer overflow when parsing TGA files
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Heap-based buffer overflow in Impress in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Truevision TGA (TARGA) file in an ODF or Microsoft Office document.
Desbordamiento de buffer basado en memoria dinámica en Impress en OpenOffice.org (OOo) 2.x y 3.x en versiones anteriores a 3.3 permite a atacantes remotos causar una denegación de servicio (caída de aplicación) o posiblemente ejecutar código arbitrario a través de un archivo Truevision TGA (TARGA) manipulado en un documento ODF o Microsoft Office.
Multiple vulnerabilities have been addressed in OpenOffice. Charlie Miller discovered several heap overflows in PPT processing. Marc Schoenefeld discovered that directory traversal was not correctly handled in XSLT, OXT, JAR, or ZIP files. Dan Rosenberg discovered multiple heap overflows in RTF and DOC processing. Dmitri Gribenko discovered that OpenOffice.org did not correctly handle LD_LIBRARY_PATH in various tools. Marc Schoenefeld discovered that OpenOffice.org did not correctly process PNG images. It was discovered that OpenOffice.org did not correctly process TGA images.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2011-01-03 CVE Reserved
- 2011-01-26 CVE Published
- 2024-08-07 CVE Updated
- 2025-04-03 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-122: Heap-based Buffer Overflow
- CWE-787: Out-of-bounds Write
CAPEC
References (23)
| URL | Tag | Source |
|---|---|---|
| http://osvdb.org/70718 | Broken Link | |
| http://secunia.com/advisories/40775 | Broken Link | |
| http://secunia.com/advisories/42999 | Broken Link | |
| http://secunia.com/advisories/43065 | Broken Link | |
| http://secunia.com/advisories/43105 | Broken Link | |
| http://secunia.com/advisories/43118 | Broken Link | |
| http://secunia.com/advisories/60799 | Broken Link | |
| http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html | Third Party Advisory |
|
| http://www.securityfocus.com/bid/46031 | Broken Link | |
| http://www.securitytracker.com/id?1025002 | Broken Link | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/65441 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://ubuntu.com/usn/usn-1056-1 | 2023-02-13 | |
| http://www.debian.org/security/2011/dsa-2151 | 2023-02-13 | |
| http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml | 2023-02-13 | |
| http://www.mandriva.com/security/advisories?name=MDVSA-2011:027 | 2023-02-13 | |
| http://www.openoffice.org/security/cves/CVE-2010-4643.html | 2023-02-13 | |
| http://www.redhat.com/support/errata/RHSA-2011-0181.html | 2023-02-13 | |
| http://www.redhat.com/support/errata/RHSA-2011-0182.html | 2023-02-13 | |
| http://www.vupen.com/english/advisories/2011/0230 | 2023-02-13 | |
| http://www.vupen.com/english/advisories/2011/0232 | 2023-02-13 | |
| http://www.vupen.com/english/advisories/2011/0279 | 2023-02-13 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=667588 | 2011-01-28 | |
| https://access.redhat.com/security/cve/CVE-2010-4643 | 2011-01-28 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Apache Search vendor "Apache" | Openoffice Search vendor "Apache" for product "Openoffice" | >= 2.0.0 < 3.3.0 Search vendor "Apache" for product "Openoffice" and version " >= 2.0.0 < 3.3.0" | - |
Affected
| ||||||