CVE-2010-4253

2011-01-2822:00:00

CWE-787

[email protected]

web.nvd.nist.gov

cve-2010-4253

buffer overflow

denial of service

remote code execution

openoffice

impress

ooo

png

odf

microsoft office

powerpoint

ppt

nvd

7.8 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.013 Low

EPSS

Percentile

85.5%

JSON

Heap-based buffer overflow in Impress in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file in an ODF or Microsoft Office document, as demonstrated by a PowerPoint (aka PPT) document.

CPENameOperatorVersion
apache:openofficeapache openofficelt3.3.0
debian:debian_linuxdebian debian linuxeq5.0
canonical:ubuntu_linuxcanonical ubuntu linuxeq10.10
debian:debian_linuxdebian debian linuxeq6.0
canonical:ubuntu_linuxcanonical ubuntu linuxeq9.10
canonical:ubuntu_linuxcanonical ubuntu linuxeq8.04
canonical:ubuntu_linuxcanonical ubuntu linuxeq10.04

CPE	Name	Operator	Version
apache:openoffice	apache openoffice	lt	3.3.0
debian:debian_linux	debian debian linux	eq	5.0
canonical:ubuntu_linux	canonical ubuntu linux	eq	10.10
debian:debian_linux	debian debian linux	eq	6.0
canonical:ubuntu_linux	canonical ubuntu linux	eq	9.10
canonical:ubuntu_linux	canonical ubuntu linux	eq	8.04
canonical:ubuntu_linux	canonical ubuntu linux	eq	10.04