11 matches found
CVE-2026-46722
The OOXML parsing of the file indexer does not disable external entity resolution. A crafted xlsx or pptx document placed in an indexed directory can cause local files to be read or outbound HTTP requests to be performed, with the retrieved content being written to the search index...
CVE-2026-46722 XML External Entity Injection in extension "Faceted Search" (ke_search)
The OOXML parsing of the file indexer does not disable external entity resolution. A crafted xlsx or pptx document placed in an indexed directory can cause local files to be read or outbound HTTP requests to be performed, with the retrieved content being written to the search index...
Apache POI Denial of Service Vulnerability (CNVD-2018-03242)
Apache POI is the United States Apache Apache Software Foundation, an open source library that provides APIs to Java programs can be read and write Microsoft Office format files. There are security vulnerabilities in Apache POI. The vulnerability can be exploited to cause a denial of service out ...
USN-3472-1 libreoffice vulnerabilities
Marcin Noga discovered that LibreOffice incorrectly handled PPT documents. If a user were tricked into opening a specially crafted PPT document, a remote attacker could cause LibreOffice to crash, and possibly execute arbitrary code. CVE-2017-12607 Marcin Noga discovered that LibreOffice...
Symantec Mail Security for Exchange / Domino Decomposer Engine Multiple Vulnerabilities (SYM16-010)
The version of Symantec Mail Security for Exchange or Domino installed on the remote Windows host is affected by multiple vulnerabilities in the decomposer engine : - An array indexing error exists in the UnRAR component in the Unpack::ShortLZ function in unpack15.cpp that is triggered when...
Microsoft PowerPoint OEPlaceholderAtom Arbitrary Array Indexing (MS10-004) - Ver2 (CVE-2010-0031)
Microsoft PowerPoint is a popular graphics software for preparing slides and presentations. Multiple remote code execution vulnerabilities have been identified in Microsoft PowerPoint. The vulnerabilities are due to an invalid array indexing and to a use after free error in Microsoft PowerPoint...
Oracle Linux 6 : openoffice.org (ELSA-2012-0705)
The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2012-0705 advisory. - Resolves: CVE-2012-2334 Integer overflow leading to buffer overflow by processing invalid Escher graphics records length in the Powerpoint documents...
Mandriva Linux Security Advisory : libreoffice (MDVSA-2012:091)
Security issues were identified and fixed in libreoffice : An integer overflow vulnerability in the libreoffice graphic loading code could allow a remote attacker to cause a denial of service application crash or potentially execute arbitrary code CVE-2012-1149. An integer overflow flaw, leading ...
libreoffice: Integer overflow leading to buffer overflow by processing invalid Escher graphics records length in the Powerpoint documents
Integer overflow in filter/source/msfilter/msdffimp.cxx in OpenOffice.org OOo 3.3, 3.4 Beta, and possibly earlier, and LibreOffice before 3.5.3, allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via the length of an Escher graphics record in a PowerPoi...
OpenOffice.Org: Integer truncation error by parsing specially-crafted Microsoft PowerPoint document
simpress.bin in the Impress module in OpenOffice.org OOo 2.x and 3.x before 3.3 does not properly handle integer values associated with dictionary property items, which allows remote attackers to cause a denial of service application crash or possibly execute arbitrary code via a crafted PowerPoi...
Microsoft PowerPoint LinkedSlideAtom Heap Overflow (MS10-004; CVE-2010-0030)
Microsoft PowerPoint is a popular graphics software for preparing slides and presentations. A remote code execution vulnerability has been identified in Microsoft PowerPoint. The vulnerability is due to a heap overflow in Microsoft PowerPoint LinkedSlideAtom when processing malicious PowerPoint...