Product:

Openoffice

(Apache)
Repositories https://github.com/dajobe/raptor
#Vulnerabilities 53
Date Id Summary Products Score Patch Annotated
2023-03-24 CVE-2022-38745 Apache OpenOffice versions before 4.1.14 may be configured to add an empty entry to the Java class path. This may lead to run arbitrary Java code from the current directory. Openoffice 7.8
2023-03-24 CVE-2022-47502 Apache OpenOffice documents can contain links that call internal macros with arbitrary arguments. Several URI Schemes are defined for this purpose. Links can be activated by clicks, or by automatic document events. The execution of such links must be subject to user approval. In the affected versions of OpenOffice, approval for certain links is not requested; when activated, such links could therefore result in arbitrary script execution. Openoffice 7.8
2023-12-29 CVE-2023-47804 Apache OpenOffice documents can contain links that call internal macros with arbitrary arguments. Several URI Schemes are defined for this purpose. Links can be activated by clicks, or by automatic document events. The execution of such links must be subject to user approval. In the affected versions of OpenOffice, approval for certain links is not requested; when activated, such links could therefore result in arbitrary script execution. This is a corner case of CVE-2022-47502. Openoffice 8.8
2012-06-17 CVE-2012-0037 Redland Raptor (aka libraptor) before 2.0.7, as used by OpenOffice 3.3 and 3.4 Beta, LibreOffice before 3.4.6 and 3.5.x before 3.5.1, and other products, allows user-assisted remote attackers to read arbitrary files via a crafted XML external entity (XXE) declaration and reference in an RDF document. Openoffice, Debian_linux, Fedora, Raptor, Libreoffice, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_workstation, Gluster_storage_server_for_on\-Premise, Storage, Storage_for_public_cloud 6.5
2008-08-29 CVE-2008-3282 Integer overflow in the rtl_allocateMemory function in sal/rtl/source/alloc_global.c in the memory allocator in OpenOffice.org (OOo) 2.4.1, on 64-bit platforms, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted document, related to a "numeric truncation error," a different vulnerability than CVE-2008-2152. Openoffice, Fedora 7.8
2019-12-20 CVE-2012-5639 LibreOffice and OpenOffice automatically open embedded content Openoffice, Debian_linux, Libreoffice 6.5
2010-02-16 CVE-2010-0136 OpenOffice.org (OOo) 2.0.4, 2.4.1, and 3.1.1 does not properly enforce Visual Basic for Applications (VBA) macro security settings, which allows remote attackers to run arbitrary macros via a crafted document. Openoffice, Ubuntu_linux, Debian_linux N/A
2018-05-01 CVE-2018-10583 An information disclosure vulnerability occurs when LibreOffice 6.0.3 and Apache OpenOffice Writer 4.1.5 automatically process and initiate an SMB connection embedded in a malicious file, as demonstrated by xlink:href=file://192.168.0.2/test.jpg within an office:document-content element in a .odt XML document. Openoffice, Ubuntu_linux, Debian_linux, Libreoffice, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation 7.5
2019-01-31 CVE-2018-11790 When loading a document with Apache Open Office 4.1.5 and earlier with smaller end line termination than the operating system uses, the defect occurs. In this case OpenOffice runs into an Arithmetic Overflow at a string length calculation. Openoffice, Ubuntu_linux 7.8
2011-01-28 CVE-2010-3453 The WW8ListManager::WW8ListManager function in oowriter in OpenOffice.org (OOo) 2.x and 3.x before 3.3 does not properly handle an unspecified number of list levels in user-defined list styles in WW8 data in a Microsoft Word document, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted .DOC file that triggers an out-of-bounds write. Openoffice, Ubuntu_linux, Debian_linux N/A