Lucene search

K
ApacheOpenoffice

15 matches found

CVE
CVE
added 2018/05/01 4:29 p.m.163 views

CVE-2018-10583

An information disclosure vulnerability occurs when LibreOffice 6.0.3 and Apache OpenOffice Writer 4.1.5 automatically process and initiate an SMB connection embedded in a malicious file, as demonstrated by xlink:href=file://192.168.0.2/test.jpg within an office:document-content element in a .odt X...

7.5CVSS6.4AI score0.63278EPSS
CVE
CVE
added 2010/12/07 9:0 p.m.129 views

CVE-2010-4494

Double free vulnerability in libxml2 2.7.8 and other versions, as used in Google Chrome before 8.0.552.215 and other products, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XPath handling.

7.5CVSS7.8AI score0.0197EPSS
CVE
CVE
added 2017/11/20 8:29 p.m.97 views

CVE-2017-12608

A vulnerability in Apache OpenOffice Writer DOC file parser before 4.1.4, and specifically in ImportOldFormatStyles, allows attackers to craft malicious documents that cause denial of service (memory corruption and application crash) potentially resulting in arbitrary code execution.

7.8CVSS7.8AI score0.00861EPSS
CVE
CVE
added 2017/11/20 7:29 p.m.93 views

CVE-2017-12607

A vulnerability in OpenOffice's PPT file parser before 4.1.4, and specifically in PPTStyleSheet, allows attackers to craft malicious documents that cause denial of service (memory corruption and application crash) potentially resulting in arbitrary code execution.

7.8CVSS7.8AI score0.00634EPSS
CVE
CVE
added 2012/08/06 6:55 p.m.90 views

CVE-2012-2665

Multiple heap-based buffer overflows in the XML manifest encryption tag parsing functionality in OpenOffice.org and LibreOffice before 3.5.5 allow remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted Open Document Text (.odt) file with (1) a child tag with...

7.5CVSS6.9AI score0.04781EPSS
CVE
CVE
added 2023/03/24 4:15 p.m.87 views

CVE-2022-38745

Apache OpenOffice versions before 4.1.14 may be configured to add an empty entry to the Java class path. This may lead to run arbitrary Java code from the current directory.

7.8CVSS7.7AI score0.00105EPSS
CVE
CVE
added 2019/01/31 4:29 p.m.81 views

CVE-2018-11790

When loading a document with Apache Open Office 4.1.5 and earlier with smaller end line termination than the operating system uses, the defect occurs. In this case OpenOffice runs into an Arithmetic Overflow at a string length calculation.

7.8CVSS7.6AI score0.00856EPSS
CVE
CVE
added 2017/11/20 5:29 p.m.80 views

CVE-2017-9806

A vulnerability in the OpenOffice Writer DOC file parser before 4.1.4, and specifically in the WW8Fonts Constructor, allows attackers to craft malicious documents that cause denial of service (memory corruption and application crash) potentially resulting in arbitrary code execution.

7.8CVSS7.8AI score0.01822EPSS
CVE
CVE
added 2021/09/23 8:15 a.m.78 views

CVE-2021-33035

Apache OpenOffice opens dBase/DBF documents and shows the contents as spreadsheets. DBF are database files with data organized in fields. When reading DBF data the size of certain fields is not checked: the data is just copied into local variables. A carefully crafted document could overflow the al...

7.8CVSS7.7AI score0.26977EPSS
CVE
CVE
added 2016/08/05 2:59 p.m.71 views

CVE-2016-1513

The Impress tool in Apache OpenOffice 4.1.2 and earlier allows remote attackers to cause a denial of service (out-of-bounds read or write) or execute arbitrary code via crafted MetaActions in an (1) ODP or (2) OTP file.

7.8CVSS7.7AI score0.01117EPSS
CVE
CVE
added 2021/10/11 8:15 a.m.71 views

CVE-2021-41830

It is possible for an attacker to manipulate signed documents and macros to appear to come from a trusted source. All versions of Apache OpenOffice up to 4.1.10 are affected. Users are advised to update to version 4.1.11. See CVE-2021-25633 for the LibreOffice advisory.

7.5CVSS7.1AI score0.00631EPSS
CVE
CVE
added 2023/03/24 4:15 p.m.69 views

CVE-2022-47502

Apache OpenOffice documents can contain links that call internal macros with arbitrary arguments. Several URI Schemes are defined for this purpose. Links can be activated by clicks, or by automatic document events. The execution of such links must be subject to user approval. In the affected versio...

7.8CVSS7.9AI score0.00098EPSS
CVE
CVE
added 2021/10/11 8:15 a.m.63 views

CVE-2021-41832

It is possible for an attacker to manipulate documents to appear to be signed by a trusted source. All versions of Apache OpenOffice up to 4.1.10 are affected. Users are advised to update to version 4.1.11. See CVE-2021-25635 for the LibreOffice advisory.

7.5CVSS6.6AI score0.00465EPSS
CVE
CVE
added 2021/10/07 4:15 p.m.49 views

CVE-2021-28129

While working on Apache OpenOffice 4.1.8 a developer discovered that the DEB package did not install using root, but instead used a userid and groupid of 500. This both caused issues with desktop integration and could allow a crafted attack on files owned by that user or group if they exist. Users ...

7.8CVSS7.6AI score0.00222EPSS
CVE
CVE
added 2019/11/27 5:15 p.m.46 views

CVE-2011-2177

OpenOffice.org v3.3 allows execution of arbitrary code with the privileges of the user running the OpenOffice.org suite tools.

7.8CVSS7.8AI score0.02367EPSS