Apache Software Foundation Apache Openoffice vulnerabilities

CVE-2021-25633 [HIGH] CWE-295 CVE-2021-25633: LibreOffice supports digital signatures of ODF documents and macros within documents, presenting vis LibreOffice supports digital signatures of ODF documents and macros within documents, presenting visual aids that no alteration of the document occurred since the last signing and that the signature is valid. An Improper Certificate Validation vulnerability in LibreOffice allowed an attacker to create a digitally signed ODF document, by manipulating t

CVE-2021-41832 [MEDIUM] CWE-347 Content Manipulation with Certificate Validation Attack Content Manipulation with Certificate Validation Attack It is possible for an attacker to manipulate documents to appear to be signed by a trusted source. All versions of Apache OpenOffice up to 4.1.10 are affected. Users are advised to update to version 4.1.11. See CVE-2021-25635 for the LibreOffice advisory.

CVE-2021-28129 [HIGH] CWE-284 CVE-2021-28129: While working on Apache OpenOffice 4.1.8 a developer discovered that the DEB package did not install While working on Apache OpenOffice 4.1.8 a developer discovered that the DEB package did not install using root, but instead used a userid and groupid of 500. This both caused issues with desktop integration and could allow a crafted attack on files owned by that user or group if they exist. Users who installed the Apache OpenOffice 4.1.8 DEB packagin

CVE-2021-40439 [MEDIUM] CWE-611 Billion Laughs Billion Laughs Apache OpenOffice has a dependency on expat software. Versions prior to 2.1.0 were subject to CVE-2013-0340 a "Billion Laughs" entity expansion denial of service attack and exploit via crafted XML files. ODF files consist of a set of XML files. All versions of Apache OpenOffice up to 4.1.10 are subject to this issue. expat in version 4.1.11 is patched.

CVE-2021-33035 [HIGH] CWE-120 CVE-2021-33035: Apache OpenOffice opens dBase/DBF documents and shows the contents as spreadsheets. DBF are database Apache OpenOffice opens dBase/DBF documents and shows the contents as spreadsheets. DBF are database files with data organized in fields. When reading DBF data the size of certain fields is not checked: the data is just copied into local variables. A carefully crafted document could overflow the allocated space, leading to the execution of arbitrary c

CVE-2021-30245 [HIGH] CWE-610 CVE-2021-30245: The project received a report that all versions of Apache OpenOffice through 4.1.8 can open non-http The project received a report that all versions of Apache OpenOffice through 4.1.8 can open non-http(s) hyperlinks. The problem has existed since about 2006 and the issue is also in 4.1.9. If the link is specifically crafted this could lead to untrusted code execution. It is always best practice to be careful opening documents from unknown and unverif

CVE-2018-11790 [HIGH] CWE-682 CVE-2018-11790: When loading a document with Apache Open Office 4.1.5 and earlier with smaller end line termination When loading a document with Apache Open Office 4.1.5 and earlier with smaller end line termination than the operating system uses, the defect occurs. In this case OpenOffice runs into an Arithmetic Overflow at a string length calculation.

CVE-2017-12608 [HIGH] CWE-787 CVE-2017-12608: A vulnerability in Apache OpenOffice Writer DOC file parser before 4.1.4, and specifically in Import A vulnerability in Apache OpenOffice Writer DOC file parser before 4.1.4, and specifically in ImportOldFormatStyles, allows attackers to craft malicious documents that cause denial of service (memory corruption and application crash) potentially resulting in arbitrary code execution.

CVE-2017-12607 [HIGH] CWE-787 CVE-2017-12607: A vulnerability in OpenOffice's PPT file parser before 4.1.4, and specifically in PPTStyleSheet, all A vulnerability in OpenOffice's PPT file parser before 4.1.4, and specifically in PPTStyleSheet, allows attackers to craft malicious documents that cause denial of service (memory corruption and application crash) potentially resulting in arbitrary code execution.

CVE-2017-9806 [HIGH] CWE-787 CVE-2017-9806: A vulnerability in the OpenOffice Writer DOC file parser before 4.1.4, and specifically in the WW8Fo A vulnerability in the OpenOffice Writer DOC file parser before 4.1.4, and specifically in the WW8Fonts Constructor, allows attackers to craft malicious documents that cause denial of service (memory corruption and application crash) potentially resulting in arbitrary code execution.

CVE-2016-6804 [HIGH] CWE-264 CVE-2016-6804: The Apache OpenOffice installer (versions prior to 4.1.3, including some branded as OpenOffice.org) The Apache OpenOffice installer (versions prior to 4.1.3, including some branded as OpenOffice.org) for Windows contains a defective operation that allows execution of arbitrary code with elevated privileges. This requires that the location in which the installer is run has been previously poisoned by a file that impersonates a dynamic-link library that

CVE-2017-3157 [MEDIUM] CWE-200 CVE-2017-3157: By exploiting the way Apache OpenOffice before 4.1.4 renders embedded objects, an attacker could cra By exploiting the way Apache OpenOffice before 4.1.4 renders embedded objects, an attacker could craft a document that allows reading in a file from the user's filesystem. Information could be retrieved by the attacker by, e.g., using hidden sections to store the information, tricking the user into saving the document and convincing the user to send t

CVE-2016-6803 [HIGH] CWE-426 CVE-2016-6803: An installer defect known as an "unquoted Windows search path vulnerability" affected the Apache Ope An installer defect known as an "unquoted Windows search path vulnerability" affected the Apache OpenOffice before 4.1.3 installers for Windows. The PC must have previously been infected by a Trojan Horse application (or user) running with administrative privilege. Any installer with the unquoted search path vulnerability becomes a delayed trigger for t

CVE-2013-0340 [MEDIUM] CWE-611 CVE-2013-0340: expat before version 2.4.0 does not properly handle entities expansion unless an application develop expat before version 2.4.0 does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE