Lucene search

15 matches found

NVD
added 2026/05/19 10:16 a.m., 9 views

CVE-2026-46722

The OOXML parsing of the file indexer does not disable external entity resolution. A crafted xlsx or pptx document placed in an indexed directory can cause local files to be read or outbound HTTP requests to be performed, with the retrieved content being written to the search index...

5.9 CVSS, 0.00054 EPSS
Exploits: 0, References: 1

CVE
added 2026/05/19 9:23 a.m., 11 views

CVE-2026-46722

CVE-2026-46722 affects the file indexer’s OOXML parsing (notably in the Faceted Search extension ke_search). The root cause is that external entity resolution is not disabled, allowing a crafted xlsx or pptx placed in an indexed directory to read local files or trigger outbound HTTP requests, wit...

5.9 CVSS, 5.8 AI score, 0.00054 EPSS
Exploits: 0, References: 1

CVE
added 2026/05/07 7:16 a.m., 46 views

CVE-2026-4430

CVE-2026-4430 is an out-of-bounds write in LibreOffice triggered by opening OOXML documents with malformed encryption parameters. Affected releases: LibreOffice 26.2 before 26.2.3 and 25.8 before 25.8.7. Debian security advisory DSA-6251-1 confirms a buffer overflow could cause an out-of-bounds w...

7.8 CVSS, 5.8 AI score, 0.00018 EPSS
Exploits: 0, References: 1, Affected Software: 1

OSV
added 2026/05/07 12:57 a.m., 1 view

GHSA-RM4C-XJ6X-49MW Gotenberg has a Server-Side Request Forgery (SSRF) Issue

Summary: The SSRF hardening shipped in v8.31.0 only covers outbound URLs that Gotenberg's Go code handles — Chromium asset fetches, webhook delivery, and download-from. The LibreOffice conversion endpoint /forms/libreoffice/convert passes uploaded documents directly to LibreOffice without inspecti...

8.2 CVSS, 5.9 AI score, 0.00039 EPSS
Exploits: 1, References: 3

ATTACKERKB
added 2026/03/13 8:54 p.m., 0 views

CVE-2026-32630

file-type detects the file type of a file, stream, or data. From 20.0.0 to 21.3.1, a crafted ZIP file can trigger excessive memory growth during type detection in file-type when using fileTypeFromBuffer, fileTypeFromBlob, or fileTypeFromFile. The ZIP inflate output limit is enforced for...

5.3 CVSS, 5.8 AI score, 0.00079 EPSS
Exploits: 1, References: 3, Affected Software: 1

EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2012-1916

Malware in sbrugna...

4.3 CVSS, 6.4 AI score, 0.00184 EPSS
Exploits: 1, References: 2

RedhatCVE
added 2025/05/22 4:12 a.m., 3 views

CVE-2012-1907

The scanner engine in PrivaWall Antivirus 5.6 and earlier does not recognize the Office XML aka Open Document XML file format, which allows remote attackers to bypass malware detection via a crafted file embedded in a WordML document...

4.3 CVSS, 7 AI score, 0.00184 EPSS
Exploits: 1, References: 1

FireEye
added 2020/11/19 12:00 a.m., 375 views

Purgalicious VBA: Macro Obfuscation With VBA Purging

Malicious Office documents remain a favorite technique for every type of threat actor, from red teamers to FIN groups to APTs. In this blog post, we will discuss "VBA Purging", a technique we have increasingly observed in the wild and that was first publicly documented by Didier Stevens in Februa...

7.1 AI score
Exploits: 0, References: 16

Tenable Nessus
added 2015/05/04 12:00 a.m., 32 views

Fedora 22 : clamav-0.98.7-1.fc22 (2015-7346)

ClamAV 0.98.7
This release contains new scanning features and bug fixes.
- Improvements to PDF processing: decryption, escape sequence handling, and file property collection.
- Scanning/analysis of additional Microsoft Office 2003 XML format.
- Fix infinite loop condition on crafted...

6.8 CVSS, 6.9 AI score, 0.22421 EPSS
Exploits: 1, References: 9

Prion
added 2012/03/28 10:55 a.m., 11 views

Format string

The scanner engine in PrivaWall Antivirus 5.6 and earlier does not recognize the Office XML aka Open Document XML file format, which allows remote attackers to bypass malware detection via a crafted file embedded in a WordML document...

4.3 CVSS, 7.2 AI score, 0.00184 EPSS
Exploits: 1, References: 1, Affected Software: 1

NVD
added 2012/03/28 10:55 a.m., 8 views

CVE-2012-1907

The scanner engine in PrivaWall Antivirus 5.6 and earlier does not recognize the Office XML aka Open Document XML file format, which allows remote attackers to bypass malware detection via a crafted file embedded in a WordML document...

4.3 CVSS, 6.6 AI score, 0.00184 EPSS
Exploits: 1, References: 1

CVE
added 2012/03/28 10:00 a.m., 35 views

CVE-2012-1907

CVE-2012-1907 affects the PrivaWall Antivirus scanner engine (versions ≤ 5.6). The root cause is the engine’s failure to recognize Office XML/Open Document XML format, enabling a crafted file embedded in a WordML document to bypass malware detection. Impact: potential to evade scanning and malwar...

4.3 CVSS, 6.8 AI score, 0.00184 EPSS
Exploits: 1, References: 1, Affected Software: 1

Cvelist
added 2012/03/28 10:00 a.m., 11 views

CVE-2012-1907

The scanner engine in PrivaWall Antivirus 5.6 and earlier does not recognize the Office XML aka Open Document XML file format, which allows remote attackers to bypass malware detection via a crafted file embedded in a WordML document...

6.6 AI score, 0.00184 EPSS
Exploits: 1, References: 1

Symantec
added 2010/06/08 12:00 a.m., 18 views

Microsoft Office XML Converter for Mac Local Privilege Escalation Vulnerability

Description: Microsoft Office XML Converter for Mac is prone to a local privilege-escalation vulnerability that affects filesystem Access Control Lists (ACLs). A local attacker can exploit this issue to execute arbitrary code with superuser privileges. Successful exploits may result in the complete...

1.2 AI score
Exploits: 0, References: 1, Affected Software: 2

Tenable Nessus
added 2007/12/13 12:00 a.m., 19 views

SuSE 10 Security Update : OpenOffice_org (ZYPP Patch Number 2651)

Following security problems were fixed in OpenOffice_org: This update also brings OpenOffice_org to version 2.0.4.17, same as SUSE Linux Enterprise Desktop 10 and contains lots of bugfixes. It also contains support for the Office XML converter hooks. - Various problems were fixed in the Wordperfec...

9.3 CVSS, 8.6 AI score, 0.11489 EPSS
Exploits: 0, References: 6