CVE-2010-4643: Buffer Overflow
First published: Thu Jan 06 2011(Updated: )
A heap-based buffer overflow was discovered in various versions of OpenOffice.org, when reading certain TGA files. If a user opened a specially crafted TGA file, it could lead to application crash or possibly execution of arbitrary code, with the privileges of the user running OpenOffice.org Impress. This has been assigned <a href="https://access.redhat.com/security/cve/CVE-2010-4643">CVE-2010-4643</a>. Acknowledgements: Red Hat would like to thank OpenOffice.org for reporting this issue.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apache OpenOffice | >=2.0.0<3.3.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.vupen.com/english/advisories/2011/0230
- http://secunia.com/advisories/43065
- http://www.vupen.com/english/advisories/2011/0232
- http://www.securityfocus.com/bid/46031
- http://www.openoffice.org/security/cves/CVE-2010-4643.html
- https://bugzilla.redhat.com/show_bug.cgi?id=667588
- http://www.debian.org/security/2011/dsa-2151
- http://secunia.com/advisories/43105
- http://secunia.com/advisories/43118
- http://secunia.com/advisories/42999
- http://www.redhat.com/support/errata/RHSA-2011-0181.html
- http://ubuntu.com/usn/usn-1056-1
- http://www.securitytracker.com/id?1025002
- http://www.redhat.com/support/errata/RHSA-2011-0182.html
- http://osvdb.org/70718
- http://www.vupen.com/english/advisories/2011/0279
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:027
- http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html
- http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml
- http://secunia.com/advisories/60799
- http://secunia.com/advisories/40775
- https://exchange.xforce.ibmcloud.com/vulnerabilities/65441
- https://access.redhat.com/security/cve/CVE-2010-4643
- https://rhn.redhat.com/errata/RHSA-2011-0181.html
- https://rhn.redhat.com/errata/RHSA-2011-0182.html
- https://rhn.redhat.com/errata/RHSA-2011-0183.html
Frequently Asked Questions
What is the severity of CVE-2010-4643?
CVE-2010-4643 is considered a critical vulnerability due to the potential for arbitrary code execution.
How do I fix CVE-2010-4643?
To fix CVE-2010-4643, update Apache OpenOffice to a version that is not affected by the vulnerability.
Which versions of Apache OpenOffice are affected by CVE-2010-4643?
CVE-2010-4643 affects Apache OpenOffice versions from 2.0.0 to 3.3.0.
What kind of attack is possible with CVE-2010-4643?
An attacker can exploit CVE-2010-4643 by crafting a malicious TGA file that, when opened, may lead to application crashes or execution of arbitrary code.
In what conditions does CVE-2010-4643 occur?
CVE-2010-4643 occurs when a user opens a specially crafted TGA file using certain versions of Apache OpenOffice.
- collector/redhat-bugzilla
- alias/CVE-2010-4643
- agent/references
- agent/weakness
- agent/type
- agent/event
- agent/severity
- agent/author
- agent/description
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/apache
- canonical/apache openoffice
- version/apache openoffice/2.0.0