{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2010-08-06T00:00:00", "descriptions": [{"lang": "en", "value": "Integer overflow in simpress.bin in the Impress module in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted polygons in a PowerPoint document that triggers a heap-based buffer overflow."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-18T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "40775", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/40775"}, {"name": "[dev] 20100806 Two exploitable OpenOffice.org bugs!", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openoffice.org/servlets/ReadMsg?list=dev&msgNo=27690"}, {"name": "MDVSA-2010:221", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:221"}, {"name": "ADV-2010-2003", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2010/2003"}, {"name": "60799", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/60799"}, {"name": "1024976", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1024976"}, {"name": "GLSA-201408-19", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml"}, {"name": "ADV-2011-0150", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2011/0150"}, {"name": "oval:org.mitre.oval:def:12144", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12144"}, {"name": "42927", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/42927"}, {"name": "RHSA-2010:0643", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2010-0643.html"}, {"name": "ADV-2011-0230", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2011/0230"}, {"name": "ADV-2010-2149", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2010/2149"}, {"name": "[oss-security] 20100811 CVE Request -- OpenOffice.org [two ids]: 1, integer truncation error 2, short integer overflow", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2010/08/11/1"}, {"name": "ADV-2010-2228", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2010/2228"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.openoffice.org/security/cves/CVE-2010-2935_CVE-2010-2936.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=622529#c6"}, {"name": "41235", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/41235"}, {"name": "USN-1056-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://ubuntu.com/usn/usn-1056-1"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=622555"}, {"name": "ADV-2011-0279", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2011/0279"}, {"name": "1024352", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1024352"}, {"name": "43105", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/43105"}, {"tags": ["x_refsource_MISC"], "url": "http://securityevaluators.com/files/papers/CrashAnalysis.pdf"}, {"name": "SUSE-SR:2010:024", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html"}, {"name": "DSA-2099", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2010/dsa-2099"}, {"name": "SUSE-SR:2010:019", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html"}, {"name": "41052", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/41052"}, {"name": "ADV-2010-2905", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2010/2905"}, {"name": "[oss-security] 20100811 Re: CVE Request -- OpenOffice.org [two ids]: 1, integer truncation error 2, short integer overflow", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2010/08/11/4"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T02:46:48.696Z"}, "title": "CVE Program Container", "references": [{"name": "40775", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/40775"}, {"name": "[dev] 20100806 Two exploitable OpenOffice.org bugs!", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openoffice.org/servlets/ReadMsg?list=dev&msgNo=27690"}, {"name": "MDVSA-2010:221", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:221"}, {"name": "ADV-2010-2003", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2010/2003"}, {"name": "60799", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/60799"}, {"name": "1024976", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1024976"}, {"name": "GLSA-201408-19", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml"}, {"name": "ADV-2011-0150", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2011/0150"}, {"name": "oval:org.mitre.oval:def:12144", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12144"}, {"name": "42927", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/42927"}, {"name": "RHSA-2010:0643", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2010-0643.html"}, {"name": "ADV-2011-0230", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2011/0230"}, {"name": "ADV-2010-2149", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2010/2149"}, {"name": "[oss-security] 20100811 CVE Request -- OpenOffice.org [two ids]: 1, integer truncation error 2, short integer overflow", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2010/08/11/1"}, {"name": "ADV-2010-2228", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2010/2228"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.openoffice.org/security/cves/CVE-2010-2935_CVE-2010-2936.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=622529#c6"}, {"name": "41235", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/41235"}, {"name": "USN-1056-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://ubuntu.com/usn/usn-1056-1"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=622555"}, {"name": "ADV-2011-0279", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2011/0279"}, {"name": "1024352", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1024352"}, {"name": "43105", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/43105"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://securityevaluators.com/files/papers/CrashAnalysis.pdf"}, {"name": "SUSE-SR:2010:024", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html"}, {"name": "DSA-2099", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2010/dsa-2099"}, {"name": "SUSE-SR:2010:019", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html"}, {"name": "41052", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/41052"}, {"name": "ADV-2010-2905", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2010/2905"}, {"name": "[oss-security] 20100811 Re: CVE Request -- OpenOffice.org [two ids]: 1, integer truncation error 2, short integer overflow", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2010/08/11/4"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2010-2936", "datePublished": "2010-08-25T19:00:00", "dateReserved": "2010-08-04T00:00:00", "dateUpdated": "2024-08-07T02:46:48.696Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:openoffice:openoffice.org:3.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "B0D9F8E7-18FF-43B1-B88F-84AD1476739C", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*", "matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Integer overflow in simpress.bin in the Impress module in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted polygons in a PowerPoint document that triggers a heap-based buffer overflow."}, {"lang": "es", "value": "Desbordamiento de entero en simpress.bin en el m\u00f3dulo Impress en OpenOffice.org (OOo) v3.2.1 sobre Windows, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda de aplicaci\u00f3n) o posiblemente, la ejecuci\u00f3n de c\u00f3digo de su elecci\u00f3n a trav\u00e9s de pol\u00edgonos modificados en un documento PowerPoint que provoca un desbordamiento de b\u00fafer basado en memoria din\u00e1mica (heap)."}], "id": "CVE-2010-2936", "lastModified": "2023-02-13T03:19:22.570", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2010-08-25T20:00:17.690", "references": [{"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html"}, {"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/40775"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/41052"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/41235"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/42927"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/43105"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/60799"}, {"source": "secalert@redhat.com", "url": "http://securityevaluators.com/files/papers/CrashAnalysis.pdf"}, {"source": "secalert@redhat.com", "url": "http://ubuntu.com/usn/usn-1056-1"}, {"source": "secalert@redhat.com", "url": "http://www.debian.org/security/2010/dsa-2099"}, {"source": "secalert@redhat.com", "url": "http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml"}, {"source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:221"}, {"source": "secalert@redhat.com", "url": "http://www.openoffice.org/security/cves/CVE-2010-2935_CVE-2010-2936.html"}, {"source": "secalert@redhat.com", "url": "http://www.openoffice.org/servlets/ReadMsg?list=dev&msgNo=27690"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2010/08/11/1"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2010/08/11/4"}, {"source": "secalert@redhat.com", "url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html"}, {"source": "secalert@redhat.com", "url": "http://www.redhat.com/support/errata/RHSA-2010-0643.html"}, {"source": "secalert@redhat.com", "url": "http://www.securitytracker.com/id?1024352"}, {"source": "secalert@redhat.com", "url": "http://www.securitytracker.com/id?1024976"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2010/2003"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2010/2149"}, {"source": "secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2010/2228"}, {"source": "secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2010/2905"}, {"source": "secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2011/0150"}, {"source": "secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2011/0230"}, {"source": "secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2011/0279"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=622529#c6"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=622555"}, {"source": "secalert@redhat.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12144"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-189"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2010:0643", "cpe": "cpe:/o:redhat:enterprise_linux:3", "package": "openoffice.org-0:1.1.2-48.2.0.EL3", "product_name": "Red Hat Enterprise Linux 3", "release_date": "2010-08-23T00:00:00Z"}, {"advisory": "RHSA-2010:0643", "cpe": "cpe:/o:redhat:enterprise_linux:4", "package": "openoffice.org-0:1.1.5-10.6.0.7.EL4.5", "product_name": "Red Hat Enterprise Linux 4", "release_date": "2010-08-23T00:00:00Z"}, {"advisory": "RHSA-2010:0643", "cpe": "cpe:/o:redhat:enterprise_linux:4", "package": "openoffice.org2-1:2.0.4-5.7.0.6.1.el4_8.6", "product_name": "Red Hat Enterprise Linux 4", "release_date": "2010-08-23T00:00:00Z"}], "bugzilla": {"description": "OpenOffice.org: Heap-based buffer overflow by parsing specially-crafted Microsoft PowerPoint document", "id": "622555", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=622555"}, "csaw": false, "cvss": {"cvss_base_score": "6.8", "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "status": "verified"}, "cwe": "CWE-122", "details": ["Integer overflow in simpress.bin in the Impress module in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted polygons in a PowerPoint document that triggers a heap-based buffer overflow."], "name": "CVE-2010-2936", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Affected", "package_name": "openoffice.org", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Affected", "package_name": "openoffice.org", "product_name": "Red Hat Enterprise Linux 6"}], "public_date": "2010-07-26T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2010-2936\nhttps://nvd.nist.gov/vuln/detail/CVE-2010-2936"], "statement": "This issue is not planned to be fixed in Red Hat Enterprise Linux 5,\nas its impact is mitigated by standard glibc protection mechanisms to\ncause only application abort.\nRed Hat Security Response Team does not consider a user-assisted crash\n(abort) of a client application, such as OpenOffice.org Impress tool,\nto be a security issue.", "threat_severity": "Moderate"}