Launchpad CVE tracker

CVE 2010-2935

simpress.bin in the Impress module in OpenOffice.org (OOo) 2.x and 3.x before 3.3 does not properly handle integer values associated with dictionary property items, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PowerPoint document that triggers a heap-based buffer overflow, related to an "integer truncation error."

Related bugs and status

CVE-2010-2935 (Candidate) is related to these bugs:

Bug #616879: Open Office splash screen's progress bar obscures the text

Summary				In	Importance	Status
	616879	Open Office splash screen's progress bar obscures the text		openoffice.org (Ubuntu)	Undecided	Fix Released
	616879	Open Office splash screen's progress bar obscures the text		openoffice.org (Ubuntu Lucid)	Undecided	Won't Fix

Bug #619858: starts pulling OpenJDK into CDs

		In	Importance	Status
619858	starts pulling OpenJDK into CDs	openoffice.org-l10n (Ubuntu)	High	Fix Released
619858	starts pulling OpenJDK into CDs	openoffice.org-l10n (Ubuntu Maverick)	High	Fix Released
619858	starts pulling OpenJDK into CDs	openoffice.org (Ubuntu)	High	Fix Released
619858	starts pulling OpenJDK into CDs	openoffice.org (Ubuntu Maverick)	High	Fix Released

Bug #882588: LibreOffice/Mozilla integration broken

Summary				In	Importance	Status
	882588	LibreOffice/Mozilla integration broken		libreoffice (Ubuntu)	Undecided	Fix Released
	882588	LibreOffice/Mozilla integration broken		firefox (Ubuntu)	Undecided	Invalid

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2010-2935

References