CVE-2013-4156 — Out-of-bounds Write in Apache Openoffice

CWE-787 — Out-of-bounds Write CWE-476 — NULL Pointer Dereference7 documents7 sources

Severity

6.8MEDIUMNVD

EPSS

1.2%

top 20.88%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Libreoffice Apache Openoffice

Timeline

PublishedJul 31

Latest updateMay 13

Description

Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted element in an OOXML document file.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages2 packages

▶NVDapache/openoffice< 4.0.0

▶Debianlibreoffice/libreoffice< 1:4.1.0-1+3

🔴Vulnerability Details

GHSA

GHSA-87fc-f528-hx2w: Apache OpenOffice↗2022-05-13

▶

OSV

CVE-2013-4156: Apache OpenOffice↗2013-07-31

▶

CVEList

CVE-2013-4156: Apache OpenOffice↗2013-07-31

▶

📋Vendor Advisories

Red Hat

libreoffice: NULL pointer dereference when parsing certain DOCM documents↗2013-07-26

▶

Debian

CVE-2013-4156: libreoffice - Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial...↗2013

▶

💬Community

Bugzilla

CVE-2013-4156 openoffice.org, libreoffice: NULL pointer dereference when parsing certain DOCM documents↗2013-07-26

▶