1. Home
  2. CVE Database
  3. CVE-2010-2935
HIGH · 9.3

CVE-2010-2935

simpress.bin in the Impress module in OpenOffice.org (OOo) 2.x and 3.x before 3.3 does not properly handle integer values associated with dictionary property items, which allows remote attackers to ca...

Vulnerability Description

simpress.bin in the Impress module in OpenOffice.org (OOo) 2.x and 3.x before 3.3 does not properly handle integer values associated with dictionary property items, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PowerPoint document that triggers a heap-based buffer overflow, related to an "integer truncation error."

CVSS Score

9.3

HIGH

AV:N/AC:M/Au:N/C:C/I:C/A:C
Confidentiality
COMPLETE
Integrity
COMPLETE
Availability
COMPLETE

Affected Products

VendorProductVersions
OpenofficeOpenoffice.Org3.2.1
MicrosoftWindowsAll versions

Related Weaknesses (CWE)

CWE-189

References

FAQ

What is CVE-2010-2935?

CVE-2010-2935 is a vulnerability with a CVSS score of 9.3 (HIGH). simpress.bin in the Impress module in OpenOffice.org (OOo) 2.x and 3.x before 3.3 does not properly handle integer values associated with dictionary property items, which allows remote attackers to ca...

How severe is CVE-2010-2935?

CVE-2010-2935 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2010-2935?

Check the references section above for vendor advisories and patch information. Affected products include: Openoffice Openoffice.Org, Microsoft Windows.