60 matches found
CVE-2021-28129
CVE-2021-28129 concerns the OpenOffice DEB package for version 4.1.8, where installation did not run as root but used UID/GID 500. This mispackaging could enable a crafted attack on files owned by that user/group if such files exist, potentially affecting desktop integration and local file owners...
CVE-2023-47804
CVE-2023-47804 affects Apache OpenOffice prior to 4.1.15. It stems from links in documents that call internal macros with arbitrary arguments; in affected versions, user approval for such links isn’t always requested, enabling arbitrary script execution when links are clicked or triggered by docu...
CVE-2011-2177
Vulnerability summary (CVE-2011-2177): OpenOffice.org v3.3 is affected. The issue allows execution of arbitrary code with the privileges of the user running the OpenOffice.org suite tools. The connected documents do not provide concrete exploit steps, affected component details beyond the product...
CVE-2025-64407
Technical details for CVE-2025-64407 are not publicly provided in the connected documents. Available sources discuss related vulnerabilities (CVE-2024-12425/12426) and Apache OpenOffice issues, but do not specify this CVE’s affected products, root cause, or fixes.
CVE-2025-64404
CVE-2025-64404 affects Apache OpenOffice up to version 4.1.15. The issue is a missing Authorization vulnerability that allows an attacker to craft a document containing links (specifically background fill or bullet images) that would cause external files to be loaded without prompting the user. A...
CVE-2025-64401
Apache OpenOffice is affected by a vulnerability where documents with floating frames linked to external files can load external content without user permission. Root cause: missing Authorization to load external links. Affected versions: Apache OpenOffice up to 4.1.15. Impact: loading external f...
CVE-2025-64403
CVE-2025-64403 affects Apache OpenOffice up to version 4.1.15 (Calc external data sources and other external links). Root cause is missing authorization checks that allow an attacker to craft a document to load links without prompting the user. A fix is available in OpenOffice 4.1.16. Other relat...
CVE-2025-64405
CVE-2025-64405 affects Apache OpenOffice up to version 4.1.15. The issue is a missing authorization check when handling external links, specifically in Calc spreadsheets with DDE links to external files, which could cause the external contents to be loaded without user prompt. The combined set of...
CVE-2025-64406
CVE-2025-64406 affects Apache OpenOffice up to 4.1.15. It is an out-of-bounds write vulnerability that could crash the program or corrupt memory when a crafted document is processed. Upgrading to OpenOffice 4.1.16 fixes the issue. CVSSv3.1 base score 4.3 (MEDIUM) with network attack vector, low c...
CVE-2025-64402
CVE-2025-64402 affects Apache OpenOffice up to 4.1.15. A missing Authorization vulnerability allows documents using OLE objects linked to external files to load those files without prompting the user. Impact: loading external content without user consent. A fix is available in OpenOffice 4.1.16; ...