RedhatCVELIST:CVE-2010-2935CVE-2010-2935
simpress.bin in the Impress module in OpenOffice.org (OOo) 2.x and 3.x before 3.3 does not properly handle integer values associated with dictionary property items, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PowerPoint document that triggers a heap-based buffer overflow, related to an “integer truncation error.”
References
lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html
lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html
secunia.com/advisories/40775
secunia.com/advisories/41052
secunia.com/advisories/41235
secunia.com/advisories/42927
secunia.com/advisories/43105
secunia.com/advisories/60799
securityevaluators.com/files/papers/CrashAnalysis.pdf
ubuntu.com/usn/usn-1056-1
www.debian.org/security/2010/dsa-2099
www.gentoo.org/security/en/glsa/glsa-201408-19.xml
www.mandriva.com/security/advisories?name=MDVSA-2010:221
www.openoffice.org/security/cves/CVE-2010-2935_CVE-2010-2936.html
www.openoffice.org/servlets/ReadMsg?list=dev&msgNo=27690
www.openwall.com/lists/oss-security/2010/08/11/1
www.openwall.com/lists/oss-security/2010/08/11/4
www.oracle.com/technetwork/topics/security/cpujan2011-194091.html
www.redhat.com/support/errata/RHSA-2010-0643.html
www.securitytracker.com/id?1024352
www.securitytracker.com/id?1024976
www.vupen.com/english/advisories/2010/2003
www.vupen.com/english/advisories/2010/2149
www.vupen.com/english/advisories/2010/2228
www.vupen.com/english/advisories/2010/2905
www.vupen.com/english/advisories/2011/0150
www.vupen.com/english/advisories/2011/0230
www.vupen.com/english/advisories/2011/0279
bugzilla.redhat.com/show_bug.cgi?id=622529
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12063
Related
