{
  "threat_severity" : "Moderate",
  "public_date" : "2010-07-26T00:00:00Z",
  "bugzilla" : {
    "description" : "OpenOffice.org: Heap-based buffer overflow by parsing specially-crafted Microsoft PowerPoint document",
    "id" : "622555",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=622555"
  },
  "cvss" : {
    "cvss_base_score" : "6.8",
    "cvss_scoring_vector" : "AV:N/AC:M/Au:N/C:P/I:P/A:P",
    "status" : "verified"
  },
  "cwe" : "CWE-122",
  "details" : [ "Integer overflow in simpress.bin in the Impress module in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted polygons in a PowerPoint document that triggers a heap-based buffer overflow." ],
  "statement" : "This issue is not planned to be fixed in Red Hat Enterprise Linux 5,\nbecause standard glibc protection mechanisms limit its impact to an\napplication abort.\nThe Red Hat Security Response Team does not consider a user-assisted crash\n(abort) of a client application, such as the OpenOffice.org Impress tool,\nto be a security issue.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 3",
    "release_date" : "2010-08-23T00:00:00Z",
    "advisory" : "RHSA-2010:0643",
    "cpe" : "cpe:/o:redhat:enterprise_linux:3",
    "package" : "openoffice.org-0:1.1.2-48.2.0.EL3"
  }, {
    "product_name" : "Red Hat Enterprise Linux 4",
    "release_date" : "2010-08-23T00:00:00Z",
    "advisory" : "RHSA-2010:0643",
    "cpe" : "cpe:/o:redhat:enterprise_linux:4",
    "package" : "openoffice.org-0:1.1.5-10.6.0.7.EL4.5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 4",
    "release_date" : "2010-08-23T00:00:00Z",
    "advisory" : "RHSA-2010:0643",
    "cpe" : "cpe:/o:redhat:enterprise_linux:4",
    "package" : "openoffice.org2-1:2.0.4-5.7.0.6.1.el4_8.6"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Affected",
    "package_name" : "openoffice.org",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Affected",
    "package_name" : "openoffice.org",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2010-2936\nhttps://nvd.nist.gov/vuln/detail/CVE-2010-2936" ],
  "name" : "CVE-2010-2936",
  "csaw" : false
}