CVE-2025-64406 — Out-of-bounds Write in Apache Openoffice

CWE-787 — Out-of-bounds Write3 documents3 sources

Severity

4.3MEDIUMNVD

EPSS

0.1%

top 74.73%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Openoffice Apache Software Foundation Apache Openoffice

Timeline

PublishedNov 12

Description

An out-of-bounds Write vulnerability in Apache OpenOffice could allow an attacker to craft a document that would crash the program, or otherwise corrupt other memory areas. This issue affects Apache OpenOffice: through 4.1.15. Users are recommended to upgrade to version 4.1.16, which fixes the issue.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:LExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

▶NVDapache/openoffice< 4.1.16

▶CVEListV5apache_software_foundation/apache_openoffice4.1.15

🔴Vulnerability Details

CVEList

Apache OpenOffice: Possible memory corruption during CSV import↗2025-11-12

▶

GHSA

GHSA-fj59-gg5v-953f: An out-of-bounds Write vulnerability in Apache OpenOffice could allow an attacker to craft a document that would crash the program, or otherwise corru↗2025-11-12

▶