Openoffice Openoffice.Org vulnerabilities
12 known vulnerabilities affecting openoffice/openoffice.org.
Total CVEs
12
CISA KEV
0
Public exploits
2
Exploited in wild
1
Severity breakdown
CRITICAL9HIGH1MEDIUM1LOW1
Vulnerabilities
Page 1 of 1
CVE-2009-0259P2CRITICALCVSS 9.3ExploitedPoCv1.1.2v1.1.3+2 more2009-01-22
CVE-2009-0259 [CRITICAL] CVE-2009-0259: The Word processor in OpenOffice.org 1.1.2 through 1.1.5 allows remote attackers to cause a denial o
The Word processor in OpenOffice.org 1.1.2 through 1.1.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) .doc, (2) .wri, or (3) .rtf Word 97 file that triggers memory corruption, as exploited in the wild in December 2008, as demonstrated by 2008-crash.doc.rar, and a similar issue to CVE-2008
nvd
CVE-2008-0320P2CRITICALCVSS 9.3PoC≤ 2.3.1v2.0.3+4 more2008-04-17
CVE-2008-0320 [CRITICAL] CWE-119 CVE-2008-0320: Heap-based buffer overflow in the OLE importer in OpenOffice.org before 2.4 allows remote attackers
Heap-based buffer overflow in the OLE importer in OpenOffice.org before 2.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an OLE file with a crafted DocumentSummaryInformation stream.
nvd
CVE-2010-2936P3CRITICALCVSS 9.3v3.2.12010-08-25
CVE-2010-2936 [CRITICAL] CWE-189 CVE-2010-2936: Integer overflow in simpress.bin in the Impress module in OpenOffice.org (OOo) 2.x and 3.x before 3.
Integer overflow in simpress.bin in the Impress module in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted polygons in a PowerPoint document that triggers a heap-based buffer overflow.
nvd
CVE-2010-2935P3CRITICALCVSS 9.3v3.2.12010-08-25
CVE-2010-2935 [CRITICAL] CWE-189 CVE-2010-2935: simpress.bin in the Impress module in OpenOffice.org (OOo) 2.x and 3.x before 3.3 does not properly
simpress.bin in the Impress module in OpenOffice.org (OOo) 2.x and 3.x before 3.3 does not properly handle integer values associated with dictionary property items, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PowerPoint document that triggers a heap-based buffer overf
nvd
CVE-2009-0200P3CRITICALCVSS 9.3≤ 3.1v1.0-ru+49 more2009-09-02
CVE-2009-0200 [CRITICAL] CWE-189 CVE-2009-0200: Integer underflow in OpenOffice.org (OOo) before 3.1.1 and StarOffice/StarSuite 7, 8, and 9 might al
Integer underflow in OpenOffice.org (OOo) before 3.1.1 and StarOffice/StarSuite 7, 8, and 9 might allow remote attackers to execute arbitrary code via crafted records in the document table of a Word document, leading to a heap-based buffer overflow.
nvd
CVE-2009-0201P3CRITICALCVSS 9.3≤ 3.1v1.1.2+14 more2009-09-02
CVE-2009-0201 [CRITICAL] CWE-119 CVE-2009-0201: Heap-based buffer overflow in OpenOffice.org (OOo) before 3.1.1 and StarOffice/StarSuite 7, 8, and 9
Heap-based buffer overflow in OpenOffice.org (OOo) before 3.1.1 and StarOffice/StarSuite 7, 8, and 9 might allow remote attackers to execute arbitrary code via unspecified records in a crafted Word document, related to "table parsing."
nvd
CVE-2008-2237P3CRITICALCVSS 9.3≤ 2.4.1v2.0+10 more2008-10-30
CVE-2008-2237 [CRITICAL] CWE-119 CVE-2008-2237: Heap-based buffer overflow in OpenOffice.org (OOo) 2.x before 2.4.2 allows remote attackers to execu
Heap-based buffer overflow in OpenOffice.org (OOo) 2.x before 2.4.2 allows remote attackers to execute arbitrary code via a crafted WMF file associated with a StarOffice/StarSuite document.
nvd
CVE-2008-2238P3CRITICALCVSS 9.3≤ 2.4.1v2.0+10 more2008-10-30
CVE-2008-2238 [CRITICAL] CWE-119 CVE-2008-2238: Multiple integer overflows in OpenOffice.org (OOo) 2.x before 2.4.2 allow remote attackers to execut
Multiple integer overflows in OpenOffice.org (OOo) 2.x before 2.4.2 allow remote attackers to execute arbitrary code via crafted EMR records in an EMF file associated with a StarOffice/StarSuite document, which trigger a heap-based buffer overflow.
nvd
CVE-2008-2152P3CRITICALCVSS 9.3v2.0v2.1+3 more2008-06-10
CVE-2008-2152 [CRITICAL] CWE-189 CVE-2008-2152: Integer overflow in the rtl_allocateMemory function in sal/rtl/source/alloc_global.c in OpenOffice.o
Integer overflow in the rtl_allocateMemory function in sal/rtl/source/alloc_global.c in OpenOffice.org (OOo) 2.0 through 2.4 allows remote attackers to execute arbitrary code via a crafted file that triggers a heap-based buffer overflow.
nvd
CVE-2008-3437P3HIGHCVSS 7.5v1.1.5v2.0+3 more2008-08-01
CVE-2008-3437 [HIGH] CWE-94 CVE-2008-3437: OpenOffice.org (OOo) before 2.1.0 does not properly verify the authenticity of updates, which allows
OpenOffice.org (OOo) before 2.1.0 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning.
nvd
CVE-2007-5746P4MEDIUMCVSS 6.8v2.0.3v2.1+4 more2008-04-17
CVE-2007-5746 [MEDIUM] CWE-189 CVE-2007-5746: Integer overflow in OpenOffice.org before 2.4 allows remote attackers to cause a denial of service (
Integer overflow in OpenOffice.org before 2.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an EMF file with a crafted EMR_STRETCHBLT record, which triggers a heap-based buffer overflow.
nvd
CVE-2008-4937P4LOWCVSS 2.6v2.4.12008-11-05
CVE-2008-4937 [LOW] CWE-59 CVE-2008-4937: senddoc in OpenOffice.org (OOo) 2.4.1 allows local users to overwrite arbitrary files via a symlink
senddoc in OpenOffice.org (OOo) 2.4.1 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/log.obr.##### temporary file.
nvd