Vulnerability Name:

CVE-2010-4643 (CCN-65441)

Assigned:2011-01-26
Published:2011-01-26
Updated:2023-02-13
Summary:Heap-based buffer overflow in Impress in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Truevision TGA (TARGA) file in an ODF or Microsoft Office document.
CVSS v3 Severity:7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availability (A): Low
CVSS v2 Severity:9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
6.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
6.8 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.0 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
6.8 Medium (REDHAT CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.0 Medium (REDHAT Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
Vulnerability Type:CWE-122
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2010-4643

Source: CCN
Type: RHSA-2011-0181
Important: openoffice.org and openoffice.org2 security update

Source: CCN
Type: RHSA-2011-0182
Important: openoffice.org security update

Source: CCN
Type: RHSA-2011-0183
Important: openoffice.org security and bug fix update

Source: CCN
Type: SA43913
Oracle Open Office Multiple Vulnerabilities

Source: CCN
Type: SA44202
IBM Lotus Symphony OpenOffice.org Multiple Vulnerabilities

Source: secalert@redhat.com
Type: Third Party Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: Third Party Advisory
secalert@redhat.com

Source: DEBIAN
Type: DSA-2151
openoffice.org -- several vulnerabilities

Source: secalert@redhat.com
Type: Third Party Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: Broken Link
secalert@redhat.com

Source: CCN
Type: OpenOffice.org Web site
Security Vulnerability in OpenOffice.org related to TGA file processing

Source: secalert@redhat.com
Type: Vendor Advisory
secalert@redhat.com

Source: CCN
Type: Oracle Critical Patch Update Advisory - April 2011
Oracle Critical Patch Update Advisory - April 2011

Source: secalert@redhat.com
Type: Third Party Advisory
secalert@redhat.com

Source: CCN
Type: OSVDB ID: 70718
OpenOffice.org (OOo) Impress Crafted TGA File Handling Overflow

Source: secalert@redhat.com
Type: Broken Link
secalert@redhat.com

Source: secalert@redhat.com
Type: Broken Link
secalert@redhat.com

Source: CCN
Type: BID-46031
OpenOffice Multiple Remote Code Execution Vulnerabilities

Source: secalert@redhat.com
Type: Broken Link, Third Party Advisory, VDB Entry
secalert@redhat.com

Source: secalert@redhat.com
Type: Broken Link, Third Party Advisory, VDB Entry
secalert@redhat.com

Source: secalert@redhat.com
Type: Broken Link, Vendor Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: Broken Link, Vendor Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: Broken Link, Vendor Advisory
secalert@redhat.com

Source: CCN
Type: Red Hat Bugzilla Bug 667588
CVE-2010-4643 OpenOffice.org: heap based buffer overflow when parsing TGA files

Source: secalert@redhat.com
Type: Issue Tracking, Third Party Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: Third Party Advisory, VDB Entry
secalert@redhat.com

Source: XF
Type: UNKNOWN
ooo-tga-bo(65441)

Source: CCN
Type: IBM Support & Downloads Web site
IBM Lotus Symphony 3.0 Component Fix Pack 2 Release Notes

Source: SUSE
Type: SUSE-SR:2011:007
SUSE Security Summary Report

Vulnerable Configuration:
  • Configuration RedHat 1: cpe:/o:redhat:enterprise_linux:4:*:*:*:*:*:*:*
  • Configuration RedHat 2: cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*
  • Configuration RedHat 3: cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*
  • Configuration RedHat 4: cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*
  • Configuration RedHat 5: cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*
  • Configuration RedHat 6: cpe:/a:redhat:rhel_productivity:5:*:*:*:*:*:*:*
  • Configuration RedHat 7: cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*
  • Configuration RedHat 8: cpe:/o:redhat:enterprise_linux:5::client:*:*:*:*:*
  • Configuration RedHat 9: cpe:/o:redhat:enterprise_linux:5::client_workstation:*:*:*:*:*
  • Configuration RedHat 10: cpe:/o:redhat:enterprise_linux:6:*:*:*:*:*:*:*
  • Configuration RedHat 11: cpe:/o:redhat:enterprise_linux:6::client:*:*:*:*:*
  • Configuration RedHat 12: cpe:/o:redhat:enterprise_linux:6::server:*:*:*:*:*
  • Configuration RedHat 13: cpe:/o:redhat:enterprise_linux:6::workstation:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/a:sun:openoffice.org:2.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:sun:openoffice.org:2.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:sun:openoffice.org:2.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:sun:openoffice.org:2.3.0:*:*:*:*:*:*:*
  • OR cpe:/a:sun:openoffice.org:2.4.0:*:*:*:*:*:*:*
  • OR cpe:/a:sun:openoffice.org:2.4.1:*:*:*:*:*:*:*
  • OR cpe:/a:sun:openoffice.org:2.4.2:*:*:*:*:*:*:*
  • OR cpe:/a:sun:openoffice.org:3.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:sun:openoffice.org:3.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:sun:openoffice.org:3.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:sun:openoffice.org:3.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:sun:openoffice.org:2.4.3:*:*:*:*:*:*:*
  • OR cpe:/a:sun:openoffice.org:2.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:sun:openoffice.org:2.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:sun:openoffice.org:2.3.1:*:*:*:*:*:*:*
  • OR cpe:/a:sun:openoffice.org:2.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:sun:openoffice.org:3.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:sun:openoffice.org:3.2.1:*:*:*:*:*:*:*
  • AND
  • cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:5:*:client_workstation:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:5:*:client:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:6:*:server:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:6:*:workstation:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_symphony:3.0.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_desktop:6:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    Oval Definitions
    Definition ID | Class | Title | Last Modified
    oval:org.opensuse.security:def:26107 | P | Security update for openssl-1_0_0 (Important) | 2021-08-24
    oval:org.opensuse.security:def:26104 | P | Security update for libcares2 (Important) | 2021-08-16
    oval:org.opensuse.security:def:20104643 | V | CVE-2010-4643 | 2021-08-15
    oval:org.opensuse.security:def:36482 | P | libreoffice-testtool-3.4.5.5-0.3.1 on GA media (Moderate) | 2021-06-08
    oval:org.opensuse.security:def:36479 | P | libreoffice-4.0.3.3.26-0.10.2 on GA media (Moderate) | 2021-06-08
    oval:org.opensuse.security:def:26043 | P | Security update for bind (Important) | 2021-05-04
    oval:org.opensuse.security:def:26040 | P | Security update for gdm (Important) | 2021-04-28
    oval:org.opensuse.security:def:26032 | P | Security update for sudo (Important) | 2021-04-20
    oval:org.opensuse.security:def:26029 | P | Security update for the Linux Kernel (Important) | 2021-04-15
    oval:org.opensuse.security:def:26028 | P | Security update for xorg-x11-server (Important) | 2021-04-13
    oval:org.opensuse.security:def:26031 | P | Security update for php74 (Moderate) | 2021-01-14
    oval:org.opensuse.security:def:26316 | P | Recommended update for chromium (Important) | 2020-12-01
    oval:org.opensuse.security:def:27445 | P | libexpat-devel on GA media (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:26746 | P | libfreebl3 on GA media (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:26457 | P | Security update for chromium (Important) | 2020-12-01
    oval:org.opensuse.security:def:26232 | P | Security update for openconnect (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:26804 | P | perl-HTML-Parser on GA media (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:26661 | P | OpenEXR on GA media (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:26370 | P | Security update for mbedtls (Important) | 2020-12-01
    oval:org.opensuse.security:def:27477 | P | libreoffice on GA media (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:26749 | P | libgtop on GA media (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:26605 | P | libtiff3 on GA media (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:26235 | P | Security update for ImageMagick (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:26807 | P | perl-spamassassin on GA media (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:26707 | P | glib2 on GA media (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:26373 | P | Security update for ffmpeg (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:27480 | P | libreoffice-testtool on GA media (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:26760 | P | libpoppler-glib4 on GA media (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:26608 | P | libxml2 on GA media (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:26313 | P | Security update for python-requests (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:27442 | P | libevent-devel on GA media (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:26710 | P | gnome-screensaver on GA media (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:26454 | P | Security update for python-Jinja2 (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:26763 | P | libqt4-sql-mysql on GA media (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:26658 | P | MozillaFirefox on GA media (Moderate) | 2020-12-01
    oval:org.mitre.oval:def:12858 | P | DSA-2151-1 openoffice.org -- several | 2015-02-23
    oval:org.mitre.oval:def:13739 | P | USN-1056-1 -- openoffice.org vulnerabilities | 2014-06-30
    oval:org.mitre.oval:def:23069 | P | ELSA-2011:0182: openoffice.org security update (Important) | 2014-05-26
    oval:org.mitre.oval:def:23509 | P | ELSA-2011:0183: openoffice.org security and bug fix update (Important) | 2014-05-26
    oval:org.mitre.oval:def:21381 | P | RHSA-2011:0182: openoffice.org security update (Important) | 2014-02-24
    oval:org.mitre.oval:def:21625 | P | RHSA-2011:0183: openoffice.org security and bug fix update (Important) | 2014-02-24
    oval:com.redhat.rhsa:def:20110181 | P | RHSA-2011:0181: openoffice.org and openoffice.org2 security update (Important) | 2011-01-28
    oval:com.redhat.rhsa:def:20110182 | P | RHSA-2011:0182: openoffice.org security update (Important) | 2011-01-28
    oval:com.redhat.rhsa:def:20110183 | P | RHSA-2011:0183: openoffice.org security and bug fix update (Important) | 2011-01-28
    sun openoffice.org 2.0.0
    sun openoffice.org 2.1.0
    sun openoffice.org 2.2.0
    sun openoffice.org 2.3.0
    sun openoffice.org 2.4.0
    sun openoffice.org 2.4.1
    sun openoffice.org 2.4.2
    sun openoffice.org 3.0.0
    sun openoffice.org 3.0.1
    sun openoffice.org 3.1.0
    sun openoffice.org 3.1.1
    sun openoffice.org 2.4.3
    sun openoffice.org 2.0.3
    sun openoffice.org 2.0.4
    sun openoffice.org 2.3.1
    sun openoffice.org 2.2.1
    sun openoffice.org 3.2.0
    sun openoffice.org 3.2.1
    redhat enterprise linux 4
    redhat enterprise linux 4
    redhat enterprise linux 4
    redhat enterprise linux 4
    redhat enterprise linux 5
    redhat enterprise linux 5
    redhat enterprise linux 6
    redhat enterprise linux 6
    ibm lotus symphony 3.0.0
    redhat enterprise linux desktop 6