Lucene search

K

21 matches found

CVE
CVE
•added 2014/08/26 2:55 p.m.•125 views

CVE-2014-3524

Apache OpenOffice before 4.1.1 allows remote attackers to execute arbitrary commands and possibly have other unspecified impact via a crafted Calc spreadsheet.

9.3CVSS7.6AI score0.08454EPSS
CVE
CVE
•added 2010/02/16 7:30 p.m.•119 views

CVE-2009-2950

Heap-based buffer overflow in the GIFLZWDecompressor::GIFLZWDecompressor function in filter.vcl/lgif/decode.cxx in OpenOffice.org (OOo) before 3.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted GIF file, related to LZW decom...

9.3CVSS7.1AI score0.22964EPSS
CVE
CVE
•added 2010/02/16 7:30 p.m.•116 views

CVE-2009-2949

Integer overflow in the XPMReader::ReadXPM function in filter.vcl/ixpm/svt_xpmread.cxx in OpenOffice.org (OOo) before 3.2 allows remote attackers to execute arbitrary code via a crafted XPM file that triggers a heap-based buffer overflow.

9.3CVSS6.9AI score0.50178EPSS
CVE
CVE
•added 2010/02/16 7:30 p.m.•116 views

CVE-2009-3302

filter/ww8/ww8par2.cxx in OpenOffice.org (OOo) before 3.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted sprmTSetBrc table property modifier in a Word document, related to a "boundary error flaw."

9.3CVSS7AI score0.42759EPSS
CVE
CVE
•added 2010/02/16 7:30 p.m.•114 views

CVE-2009-3301

Integer underflow in filter/ww8/ww8par2.cxx in OpenOffice.org (OOo) before 3.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted sprmTDefTable table property modifier in a Word document.

9.3CVSS7AI score0.3875EPSS
CVE
CVE
•added 2017/11/20 3:29 p.m.•103 views

CVE-2016-6804

The Apache OpenOffice installer (versions prior to 4.1.3, including some branded as OpenOffice.org) for Windows contains a defective operation that allows execution of arbitrary code with elevated privileges. This requires that the location in which the installer is run has been previously poisoned...

9.3CVSS7.8AI score0.00276EPSS
CVE
CVE
•added 2017/11/20 8:29 p.m.•101 views

CVE-2017-12608

A vulnerability in Apache OpenOffice Writer DOC file parser before 4.1.4, and specifically in ImportOldFormatStyles, allows attackers to craft malicious documents that cause denial of service (memory corruption and application crash) potentially resulting in arbitrary code execution.

7.8CVSS7.8AI score0.00861EPSS
CVE
CVE
•added 2017/11/20 7:29 p.m.•96 views

CVE-2017-12607

A vulnerability in OpenOffice's PPT file parser before 4.1.4, and specifically in PPTStyleSheet, allows attackers to craft malicious documents that cause denial of service (memory corruption and application crash) potentially resulting in arbitrary code execution.

7.8CVSS7.8AI score0.00634EPSS
CVE
CVE
•added 2023/03/24 4:15 p.m.•95 views

CVE-2022-38745

Apache OpenOffice versions before 4.1.14 may be configured to add an empty entry to the Java class path. This may lead to run arbitrary Java code from the current directory.

7.8CVSS7.7AI score0.00083EPSS
CVE
CVE
•added 2012/08/06 6:55 p.m.•92 views

CVE-2012-2665

Multiple heap-based buffer overflows in the XML manifest encryption tag parsing functionality in OpenOffice.org and LibreOffice before 3.5.5 allow remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted Open Document Text (.odt) file with (1) a child tag with...

7.5CVSS6.9AI score0.04781EPSS
CVE
CVE
•added 2022/08/15 11:21 a.m.•85 views

CVE-2022-37401

Apache OpenOffice supports the storage of passwords for web connections in the user's configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw in OpenOffice existed where master key was poorly encoded resulting in weakening its entropy from 12...

8.8CVSS8.5AI score0.02121EPSS
CVE
CVE
•added 2017/11/20 5:29 p.m.•82 views

CVE-2017-9806

A vulnerability in the OpenOffice Writer DOC file parser before 4.1.4, and specifically in the WW8Fonts Constructor, allows attackers to craft malicious documents that cause denial of service (memory corruption and application crash) potentially resulting in arbitrary code execution.

7.8CVSS7.8AI score0.01822EPSS
CVE
CVE
•added 2014/08/27 12:55 a.m.•78 views

CVE-2014-3575

The OLE preview generation in Apache OpenOffice before 4.1.1 and OpenOffice.org (OOo) might allow remote attackers to embed arbitrary data into documents via crafted OLE objects.

4.3CVSS6.5AI score0.09871EPSS
CVE
CVE
•added 2022/08/15 11:21 a.m.•78 views

CVE-2022-37400

Apache OpenOffice supports the storage of passwords for web connections in the user's configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw in OpenOffice existed where the required initialization vector for encryption was always the same wh...

8.8CVSS8AI score0.00396EPSS
CVE
CVE
•added 2021/10/11 8:15 a.m.•73 views

CVE-2021-41830

It is possible for an attacker to manipulate signed documents and macros to appear to come from a trusted source. All versions of Apache OpenOffice up to 4.1.10 are affected. Users are advised to update to version 4.1.11. See CVE-2021-25633 for the LibreOffice advisory.

7.5CVSS7.1AI score0.00613EPSS
CVE
CVE
•added 2007/09/18 9:17 p.m.•67 views

CVE-2007-2834

Integer overflow in the TIFF parser in OpenOffice.org (OOo) before 2.3; and Sun StarOffice 6, 7, and 8 Office Suite (StarSuite); allows remote attackers to execute arbitrary code via a TIFF file with crafted values of unspecified length fields, which triggers allocation of an incorrect amount of me...

9.3CVSS7.7AI score0.12957EPSS
CVE
CVE
•added 2021/10/11 8:15 a.m.•66 views

CVE-2021-41832

It is possible for an attacker to manipulate documents to appear to be signed by a trusted source. All versions of Apache OpenOffice up to 4.1.10 are affected. Users are advised to update to version 4.1.11. See CVE-2021-25635 for the LibreOffice advisory.

7.5CVSS6.6AI score0.00452EPSS
CVE
CVE
•added 2013/07/31 1:20 p.m.•64 views

CVE-2013-4156

Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted element in an OOXML document file.

6.8CVSS7.2AI score0.00902EPSS
CVE
CVE
•added 2021/10/11 8:15 a.m.•63 views

CVE-2021-41831

It is possible for an attacker to manipulate the timestamp of signed documents. All versions of Apache OpenOffice up to 4.1.10 are affected. Users are advised to update to version 4.1.11. See CVE-2021-25634 for the LibreOffice advisory.

5.3CVSS6.2AI score0.0082EPSS
CVE
CVE
•added 2013/07/31 1:20 p.m.•61 views

CVE-2013-2189

Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via invalid PLCF data in a DOC document file.

6.8CVSS7.4AI score0.00902EPSS
CVE
CVE
•added 2023/12/29 3:15 p.m.•48 views

CVE-2023-47804

Apache OpenOffice documents can contain links that call internal macros with arbitrary arguments. Several URI Schemes are defined for this purpose. Links can be activated by clicks, or by automatic document events. The execution of such links must be subject to user approval. In the affected versio...

8.8CVSS7.8AI score0.03051EPSS