Lucene search

K
cvelistApacheCVELIST:CVE-2021-40439
HistoryOct 07, 2021 - 3:50 p.m.

CVE-2021-40439 Billion Laughs

2021-10-0715:50:12
CWE-611
apache
www.cve.org
1

AI Score

7

Confidence

High

EPSS

0.005

Percentile

76.9%

Apache OpenOffice has a dependency on expat software. Versions prior to 2.1.0 were subject to CVE-2013-0340 a β€œBillion Laughs” entity expansion denial of service attack and exploit via crafted XML files. ODF files consist of a set of XML files. All versions of Apache OpenOffice up to 4.1.10 are subject to this issue. expat in version 4.1.11 is patched.

CNA Affected

[
  {
    "product": "Apache OpenOffice",
    "vendor": "Apache Software Foundation",
    "versions": [
      {
        "lessThanOrEqual": "4.1.10",
        "status": "affected",
        "version": "Apache OpenOffice",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "3.4",
        "status": "affected",
        "version": "OpenOffice.org",
        "versionType": "custom"
      }
    ]
  }
]