28 matches found
CVE-2014-3524
CVE-2014-3524 concerns Apache OpenOffice (and related LibreOffice/OpenOffice components) with a remote code execution risk via a crafted Calc spreadsheet. The NVD entry assigns CVSSv2 base score 9.3 (HIGH) and notes the issue affects OpenOffice before 4.1.1. Public details in connected documents ...
CVE-2009-2950
CVE-2009-2950 is a heap-based buffer overflow in OpenOffice.org’s GIFLZWDecompressor (decode.cxx) that can be triggered by a crafted GIF file, potentially causing an application crash or arbitrary code execution. Affected product: OpenOffice.org prior to 3.2. Connected advisories (Debian, Red Hat...
CVE-2009-3302
Summary (CVE-2009-3302): OpenOffice.org (OOo) Word import processing has a boundary error in sprmTSetBrc that can cause memory corruption. This vulnerability could allow a remote attacker to crash the application or potentially execute arbitrary code when processing crafted Word documents. The iss...
CVE-2009-2949
CVE-2009-2949 refers to an integer overflow in OpenOffice.org's XPM parsing, specifically the XPMReader path, causing a heap-based buffer overflow. The issue affects OpenOffice.org prior to 3.2 and can allow a remote attacker to execute arbitrary code by supplying a crafted XPM file. Multiple Ope...
CVE-2009-3301
CVE-2009-3301: OpenOffice.org before 3.2 is affected by a memory corruption in sprmTDefTable when parsing Word documents, caused by an underflow in a Word table property modifier. This can trigger a denial of service (crash) and potentially allow arbitrary code execution if a crafted Word docume...
CVE-2012-2665
CVE-2012-2665 affects OpenOffice.org and LibreOffice prior to 3.5.5. The issue is a heap-based buffer overflow in the XML manifest encryption tag parsing when processing Open Document Text (.odt) files. An attacker could craft an ODT with (1) a child tag under an incorrect parent, (2) duplicate t...
CVE-2016-6804
Summary: CVE-2016-6804 affects the Windows installer for Apache OpenOffice (pre-4.1.3, including OpenOffice.org branding). The issue stems from a search-path defect where a malicious DLL file in the installation directory can be used to impersonate a dependent DLL, enabling arbitrary code executi...
CVE-2017-12608
CVE-2017-12608 affects the Apache OpenOffice/OpenOffice Writer DOC file parser (before 4.1.4), specifically in ImportOldFormatStyles. A crafted DOC document can trigger memory corruption leading to denial of service and may potentially allow arbitrary code execution. Exploitation status and exac...
CVE-2017-12607
CVE-2017-12607 affects OpenOffice/OpenOffice.org and specifically the PPT file parser’s PPTStyleSheet. A crafted PPT document can trigger memory corruption and an application crash, with potential for arbitrary code execution. Vulnerable: OpenOffice prior to 4.1.4. Mitigation: upgrade to a fixed ...
CVE-2022-38745
CVE-2022-38745: The vulnerability described as “Empty entry in Java class path” is referenced across multiple advisories in connected documents, affecting LibreOffice packages (e.g., MiracleLinux, Red Hat, Oracle Linux, Alibaba Cloud Linux) and OpenOffice-related contexts. The common impact is po...
CVE-2014-3575
CVE-2014-3575 affects OLE preview generation in Apache OpenOffice before 4.1.1 and OpenOffice.org, enabling remote attackers to embed arbitrary data into documents via crafted OLE objects. Connected advisories corroborate this OLE-generation flaw and its association with OpenOffice/LibreOffice su...
CVE-2022-37401
CVE-2022-37401 describes weak master-key encoding in OpenOffice/OpenOffice-derived LibreOffice implementations that protects web-connection passwords in the user configuration database. The root cause is poor encoding of the master key, dropping entropy from 128 bits to 43 bits, which enables bru...
CVE-2017-9806
CVE-2017-9806 affects Apache OpenOffice Writer DOC parsing prior to 4.1.4, due to an issue in the WW8Fonts constructor that can be triggered by crafted DOC files. This memory-corruption vector leads to denial of service and potentially arbitrary code execution. Affected product: OpenOffice/OpenOf...
CVE-2021-41831
The connected documents confirm a vulnerability in LibreOffice's handling of digital signatures in ODF documents (CVE-2021-25634). An Improper Certificate Validation flaw allowed an attacker to modify a digitally signed ODF document to insert an extra signing time timestamp, which LibreOffice cou...
CVE-2022-37400
CVE-2022-37400 affects Apache OpenOffice and LibreOffice: a flaw where the initialization vector for encrypting stored web-connection passwords is always the same, weakening encryption if an attacker gains access to the user’s configuration data. The issue impacts Apache OpenOffice
CVE-2007-2834
The CVE describes a heap-based buffer overflow in the TIFF parser of OpenOffice.org (and StarOffice/StarSuite) caused by an integer overflow when processing TIFF files, enabling remote arbitrary code execution. The issue affects OpenOffice.org-based suites prior to version 2.3 and StarOffice/Star...
CVE-2021-41830
CVE-2021-41830 describes an imbalance in trust validation where an attacker can manipulate signed documents and macros to appear from a trusted source, affecting Apache OpenOffice up to 4.1.10. The initial advisory recommends updating to OpenOffice 4.1.11. Connected documents discuss related Libr...
CVE-2021-41832
CVE-2021-41832 concerns Apache OpenOffice data forgery via signature manipulation. The issue allows an attacker to cause a document to appear signed by a trusted source, affecting all OpenOffice versions up to 4.1.10. The advised remediation is to upgrade to OpenOffice 4.1.11. While several relat...
CVE-2013-4156
CVE-2013-4156 affects Apache OpenOffice.org prior to 4.0, where a crafted OOXML document element can trigger memory corruption, enabling remote denial of service (and possibly other impact). The provided connected docs reference LibreOffice/OpenOffice patches but do not specify a confirmed OpenOf...
CVE-2013-2189
Apache OpenOffice.org/OpenOffice (OOo) versions prior to 4.0 are affected by CVE-2013-2189. The vulnerability arises from processing PLCF data in DOC files, leading to memory corruption and a potential denial of service (and possibly unspecified impact). Remediation is to upgrade to OpenOffice 4....
CVE-2023-47804
CVE-2023-47804 affects Apache OpenOffice prior to 4.1.15. It stems from links in documents that call internal macros with arbitrary arguments; in affected versions, user approval for such links isn’t always requested, enabling arbitrary script execution when links are clicked or triggered by docu...
CVE-2025-64404
CVE-2025-64404 affects Apache OpenOffice up to version 4.1.15. The issue is a missing Authorization vulnerability that allows an attacker to craft a document containing links (specifically background fill or bullet images) that would cause external files to be loaded without prompting the user. A...
CVE-2025-64401
Apache OpenOffice is affected by a vulnerability where documents with floating frames linked to external files can load external content without user permission. Root cause: missing Authorization to load external links. Affected versions: Apache OpenOffice up to 4.1.15. Impact: loading external f...
CVE-2025-64407
Technical details for CVE-2025-64407 are not publicly provided in the connected documents. Available sources discuss related vulnerabilities (CVE-2024-12425/12426) and Apache OpenOffice issues, but do not specify this CVE’s affected products, root cause, or fixes.
CVE-2025-64405
CVE-2025-64405 affects Apache OpenOffice up to version 4.1.15. The issue is a missing authorization check when handling external links, specifically in Calc spreadsheets with DDE links to external files, which could cause the external contents to be loaded without user prompt. The combined set of...
CVE-2025-64403
CVE-2025-64403 affects Apache OpenOffice up to version 4.1.15 (Calc external data sources and other external links). Root cause is missing authorization checks that allow an attacker to craft a document to load links without prompting the user. A fix is available in OpenOffice 4.1.16. Other relat...
CVE-2025-64402
CVE-2025-64402 affects Apache OpenOffice up to 4.1.15. A missing Authorization vulnerability allows documents using OLE objects linked to external files to load those files without prompting the user. Impact: loading external content without user consent. A fix is available in OpenOffice 4.1.16; ...
CVE-2025-64406
CVE-2025-64406 affects Apache OpenOffice up to 4.1.15. It is an out-of-bounds write vulnerability that could crash the program or corrupt memory when a crafted document is processed. Upgrading to OpenOffice 4.1.16 fixes the issue. CVSSv3.1 base score 4.3 (MEDIUM) with network attack vector, low c...