Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Apache Subscribe
Filtered by product Openoffice
Total 49 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2010-3689 3 Apache, Canonical, Debian 3 Openoffice, Ubuntu Linux, Debian Linux 2022-02-07 6.9 MEDIUM N/A
soffice in OpenOffice.org (OOo) 3.x before 3.3 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.
CVE-2014-3575 3 Apache, Libreoffice, Redhat 5 Openoffice, Libreoffice, Enterprise Linux Desktop and 2 more 2022-02-07 4.3 MEDIUM N/A
The OLE preview generation in Apache OpenOffice before 4.1.1 and OpenOffice.org (OOo) might allow remote attackers to embed arbitrary data into documents via crafted OLE objects.
CVE-2015-1774 6 Apache, Canonical, Debian and 3 more 8 Openoffice, Ubuntu Linux, Debian Linux and 5 more 2022-02-07 6.8 MEDIUM N/A
The HWP filter in LibreOffice before 4.3.7 and 4.4.x before 4.4.2 and Apache OpenOffice before 4.1.2 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted HWP document, which triggers an out-of-bounds write.
CVE-2015-4551 4 Apache, Canonical, Debian and 1 more 4 Openoffice, Ubuntu Linux, Debian Linux and 1 more 2022-02-07 4.3 MEDIUM N/A
LibreOffice before 4.4.5 and Apache OpenOffice before 4.1.2 uses the stored LinkUpdateMode configuration information in OpenDocument Format files and templates when handling links, which might allow remote attackers to obtain sensitive information via a crafted document, which embeds data from local files into (1) Calc or (2) Writer.
CVE-2015-5212 4 Apache, Canonical, Debian and 1 more 4 Openoffice, Ubuntu Linux, Debian Linux and 1 more 2022-02-07 6.8 MEDIUM N/A
Integer underflow in LibreOffice before 4.4.5 and Apache OpenOffice before 4.1.2, when the configuration setting "Load printer settings with the document" is enabled, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via crafted PrinterSetup data in an ODF document.
CVE-2017-9806 1 Apache 1 Openoffice 2022-02-07 6.8 MEDIUM 7.8 HIGH
A vulnerability in the OpenOffice Writer DOC file parser before 4.1.4, and specifically in the WW8Fonts Constructor, allows attackers to craft malicious documents that cause denial of service (memory corruption and application crash) potentially resulting in arbitrary code execution.
CVE-2017-12607 2 Apache, Debian 2 Openoffice, Debian Linux 2022-02-07 6.8 MEDIUM 7.8 HIGH
A vulnerability in OpenOffice's PPT file parser before 4.1.4, and specifically in PPTStyleSheet, allows attackers to craft malicious documents that cause denial of service (memory corruption and application crash) potentially resulting in arbitrary code execution.
CVE-2014-3524 2 Apache, Libreoffice 2 Openoffice, Libreoffice 2022-02-07 9.3 HIGH N/A
Apache OpenOffice before 4.1.1 allows remote attackers to execute arbitrary commands and possibly have other unspecified impact via a crafted Calc spreadsheet.
CVE-2013-2189 1 Apache 1 Openoffice 2022-02-07 6.8 MEDIUM N/A
Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via invalid PLCF data in a DOC document file.
CVE-2013-4156 1 Apache 1 Openoffice 2022-02-07 6.8 MEDIUM N/A
Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted element in an OOXML document file.
CVE-2017-12608 2 Apache, Debian 2 Openoffice, Debian Linux 2022-02-07 6.8 MEDIUM 7.8 HIGH
A vulnerability in Apache OpenOffice Writer DOC file parser before 4.1.4, and specifically in ImportOldFormatStyles, allows attackers to craft malicious documents that cause denial of service (memory corruption and application crash) potentially resulting in arbitrary code execution.
CVE-2011-2177 1 Apache 1 Openoffice 2022-02-07 6.8 MEDIUM 7.8 HIGH
OpenOffice.org v3.3 allows execution of arbitrary code with the privileges of the user running the OpenOffice.org suite tools.
CVE-2021-33035 1 Apache 1 Openoffice 2021-12-01 6.8 MEDIUM 7.8 HIGH
Apache OpenOffice opens dBase/DBF documents and shows the contents as spreadsheets. DBF are database files with data organized in fields. When reading DBF data the size of certain fields is not checked: the data is just copied into local variables. A carefully crafted document could overflow the allocated space, leading to the execution of arbitrary code by altering the contents of the program stack. This issue affects Apache OpenOffice up to and including version 4.1.10
CVE-2021-41830 1 Apache 1 Openoffice 2021-10-19 5.0 MEDIUM 7.5 HIGH
It is possible for an attacker to manipulate signed documents and macros to appear to come from a trusted source. All versions of Apache OpenOffice up to 4.1.10 are affected. Users are advised to update to version 4.1.11. See CVE-2021-25633 for the LibreOffice advisory.
CVE-2021-41831 1 Apache 1 Openoffice 2021-10-19 5.0 MEDIUM 5.3 MEDIUM
It is possible for an attacker to manipulate the timestamp of signed documents. All versions of Apache OpenOffice up to 4.1.10 are affected. Users are advised to update to version 4.1.11. See CVE-2021-25634 for the LibreOffice advisory.
CVE-2021-41832 1 Apache 1 Openoffice 2021-10-19 5.0 MEDIUM 7.5 HIGH
It is possible for an attacker to manipulate documents to appear to be signed by a trusted source. All versions of Apache OpenOffice up to 4.1.10 are affected. Users are advised to update to version 4.1.11. See CVE-2021-25635 for the LibreOffice advisory.
CVE-2021-40439 1 Apache 1 Openoffice 2021-10-15 4.3 MEDIUM 6.5 MEDIUM
Apache OpenOffice has a dependency on expat software. Versions prior to 2.1.0 were subject to CVE-2013-0340 a "Billion Laughs" entity expansion denial of service attack and exploit via crafted XML files. ODF files consist of a set of XML files. All versions of Apache OpenOffice up to 4.1.10 are subject to this issue. expat in version 4.1.11 is patched.
CVE-2021-30245 1 Apache 1 Openoffice 2021-04-23 6.8 MEDIUM 8.8 HIGH
The project received a report that all versions of Apache OpenOffice through 4.1.8 can open non-http(s) hyperlinks. The problem has existed since about 2006 and the issue is also in 4.1.9. If the link is specifically crafted this could lead to untrusted code execution. It is always best practice to be careful opening documents from unknown and unverified sources. The mitigation in Apache OpenOffice 4.1.10 (unreleased) assures that a security warning is displayed giving the user the option of continuing to open the hyperlink.
CVE-2020-13958 1 Apache 1 Openoffice 2020-12-01 9.3 HIGH 7.8 HIGH
A vulnerability in Apache OpenOffice scripting events allows an attacker to construct documents containing hyperlinks pointing to an executable on the target users file system. These hyperlinks can be triggered unconditionally. In fixed versions no internal protocol may be called from the document event handler and other hyperlinks require a control-click.
CVE-2018-10583 5 Apache, Canonical, Debian and 2 more 7 Openoffice, Ubuntu Linux, Debian Linux and 4 more 2020-10-21 5.0 MEDIUM 7.5 HIGH
An information disclosure vulnerability occurs when LibreOffice 6.0.3 and Apache OpenOffice Writer 4.1.5 automatically process and initiate an SMB connection embedded in a malicious file, as demonstrated by xlink:href=file://192.168.0.2/test.jpg within an office:document-content element in a .odt XML document.