Product:

Openoffice

(Apache)
Repositories https://github.com/dajobe/raptor
#Vulnerabilities 53
Date Id Summary Products Score Patch Annotated
2022-08-15 CVE-2022-37401 Apache OpenOffice supports the storage of passwords for web connections in the user's configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw in OpenOffice existed where master key was poorly encoded resulting in weakening its entropy from 128 to 43 bits making the stored passwords vulnerable to a brute force attack if an attacker has access to the users stored config. This issue affects: Apache OpenOffice versions prior to 4.1.13.... Openoffice 8.8
2012-06-17 CVE-2012-0037 Redland Raptor (aka libraptor) before 2.0.7, as used by OpenOffice 3.3 and 3.4 Beta, LibreOffice before 3.4.6 and 3.5.x before 3.5.1, and other products, allows user-assisted remote attackers to read arbitrary files via a crafted XML external entity (XXE) declaration and reference in an RDF document. Openoffice, Debian_linux, Fedora, Raptor, Libreoffice, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_workstation, Gluster_storage_server_for_on\-Premise, Storage, Storage_for_public_cloud 6.5
2019-12-20 CVE-2012-5639 LibreOffice and OpenOffice automatically open embedded content Openoffice, Debian_linux, Libreoffice 6.5
2010-02-16 CVE-2010-0136 OpenOffice.org (OOo) 2.0.4, 2.4.1, and 3.1.1 does not properly enforce Visual Basic for Applications (VBA) macro security settings, which allows remote attackers to run arbitrary macros via a crafted document. Openoffice, Ubuntu_linux, Debian_linux N/A
2018-05-01 CVE-2018-10583 An information disclosure vulnerability occurs when LibreOffice 6.0.3 and Apache OpenOffice Writer 4.1.5 automatically process and initiate an SMB connection embedded in a malicious file, as demonstrated by xlink:href=file://192.168.0.2/test.jpg within an office:document-content element in a .odt XML document. Openoffice, Ubuntu_linux, Debian_linux, Libreoffice, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation 7.5
2019-01-31 CVE-2018-11790 When loading a document with Apache Open Office 4.1.5 and earlier with smaller end line termination than the operating system uses, the defect occurs. In this case OpenOffice runs into an Arithmetic Overflow at a string length calculation. Openoffice, Ubuntu_linux 7.8
2011-01-28 CVE-2010-3453 The WW8ListManager::WW8ListManager function in oowriter in OpenOffice.org (OOo) 2.x and 3.x before 3.3 does not properly handle an unspecified number of list levels in user-defined list styles in WW8 data in a Microsoft Word document, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted .DOC file that triggers an out-of-bounds write. Openoffice, Ubuntu_linux, Debian_linux N/A
2011-01-28 CVE-2010-4253 Heap-based buffer overflow in Impress in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file in an ODF or Microsoft Office document, as demonstrated by a PowerPoint (aka PPT) document. Openoffice, Ubuntu_linux, Debian_linux N/A
2011-01-28 CVE-2010-4643 Heap-based buffer overflow in Impress in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Truevision TGA (TARGA) file in an ODF or Microsoft Office document. Openoffice N/A
2012-08-06 CVE-2012-2665 Multiple heap-based buffer overflows in the XML manifest encryption tag parsing functionality in OpenOffice.org and LibreOffice before 3.5.5 allow remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted Open Document Text (.odt) file with (1) a child tag within an incorrect parent tag, (2) duplicate tags, or (3) a Base64 ChecksumAttribute whose length is not evenly divisible by four. Openoffice, Ubuntu_linux, Debian_linux, Libreoffice, Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_for_ibm_z_systems, Enterprise_linux_for_power_big_endian, Enterprise_linux_server, Enterprise_linux_server_from_rhui_6, Enterprise_linux_workstation N/A