CVE-2009-2950: Apache OpenOffice Security Team Bulletin

Heap-based buffer overflow in the GIFLZWDecompressor::GIFLZWDecompressor function in filter.vcl/lgif/decode.cxx in OpenOffice.org (OOo) before 3.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted GIF file, related to LZW decompression.

If you want to stay up to date on Apache OpenOffice security announcements, please subscribe to our security-alerts mailing list.

Fixed in Apache OpenOffice 4.1.11

  • CVE-2021-28129: DEB packaging installed with a non-root userid and groupid
  • CVE-2021-33035: Buffer overflow from a crafted DBF file
  • CVE-2021-40439: “Billion Laughs” fixed in Expat >=2.4.0
  • CVE-2021-41830: #1 Content Manipulation with Certificate Double Attack
  • CVE-2021-41830: #2 Macro Manipulation with Certificate Double Attack
  • CVE-2021-41831: #3 Timestamp Manipulation with Signature Wrapping
  • CVE-2021-41832: #4 Content Manipulation with Certificate Validation Attack

Fixed in Apache OpenOffice 4.1.10

  • CVE-2021-30245: Code execution in Apache OpenOffice via non-http(s) schemes in Hyperlinks

Fixed in Apache OpenOffice 4.1.8

  • CVE-2020-13958: Unrestricted actions leads to arbitrary code execution in crafted documents

Fixed in Apache OpenOffice 4.1.7

  • CVE-2019-9853: Insufficient URL decoding flaw in categorizing macro location

Fixed in Apache OpenOffice 4.1.6

  • CVE-2018-11790: Arithmetic overflow and wrap around during string length calculation

Fixed in Apache OpenOffice 4.1.5

  • No security vulnerabilities fixed in this release

Fixed in Apache OpenOffice 4.1.4

  • CVE-2017-3157: Arbitrary file disclosure in Calc and Writer
  • CVE-2017-9806: Out-of-Bounds Write in Writer’s WW8Fonts Constructor
  • CVE-2017-12607: Out-of-Bounds Write in Impress’ PPT Filter
  • CVE-2017-12608: Out-of-Bounds Write in Writer’s ImportOldFormatStyles

Fixed in Apache OpenOffice 4.1.3

  • CVE-2016-1513: Memory Corruption Vulnerability (Impress Presentations)
  • CVE-2016-6803: Windows Installer Can Enable Privileged Trojan Execution
  • CVE-2016-6804: Windows Installer Execution of Arbitrary Code with Elevated Privileges

Fixed in Apache OpenOffice 4.1.2

  • CVE-2015-1774: Out-of-Bounds Write in HWP File Filter
  • CVE-2015-4551: Targeted Data Disclosure
  • CVE-2015-5212: ODF Printer Settings Vulnerability
  • CVE-2015-5213: .DOC Document Vulnerability
  • CVE-2015-5214: .DOC Bookmarks Vulnerability

Fixed in Apache OpenOffice 4.1.1

  • CVE-2014-3575: Targeted Data Exposure Using Crafted OLE Objects in Apache OpenOffice
  • CVE-2014-3524: Calc Command Injection Vulnerability in Apache OpenOffice

Fixed in Apache OpenOffice 4.0.0

  • CVE-2013-2189: DOC Memory Corruption Vulnerability in Apache OpenOffice
  • CVE-2013-4156: DOCM Memory Corruption Vulnerability in Apache OpenOffice

Fixed in Apache OpenOffice 3.4.1

  • CVE-2012-2665: Manifest-processing errors in Apache OpenOffice 3.4.0
  • CVE-2013-1571: Frame Injection Vulnerability in SDK JavaDoc

Fixed in Apache OpenOffice 3.4.0

  • CVE-2012-1149: OpenOffice.org integer overflow error in vclmi.dll module when allocating memory for an embedded image object
  • CVE-2012-2149: OpenOffice.org memory overwrite vulnerability
  • CVE-2012-2334: Vulnerabilities related to malformed Powerpoint files in OpenOffice.org 3.3.0

Patches for OpenOffice.org 3.3

  • CVE-2012-0037: OpenOffice.org data leakage vulnerability

Fixed in OpenOffice.org 3.3

  • CVE-2010-2935 / CVE-2010-2936: Security Vulnerability in OpenOffice.org related to PowerPoint document processing
  • CVE-2010-3450: Security Vulnerability in OpenOffice.org related to Extensions and filter package files
  • CVE-2010-3451 / CVE-2010-3452: Security Vulnerability in OpenOffice.org related to RTF document processing
  • CVE-2010-3453 / CVE-2010-3454: Security Vulnerability in OpenOffice.org related to Word document processing
  • CVE-2010-3689: Insecure LD_LIBRARY_PATH usage in OpenOffice.org shell scripts
  • CVE-2010-3702 / CVE-2010-3704: Security Vulnerability in OpenOffice.org’s PDF Import extension resulting from 3rd party library XPDF
  • CVE-2010-4008 / CVE-2010-4494: Possible Security Vulnerability in OpenOffice.org resulting from 3rd party library LIBXML2
  • CVE-2010-4253: Security Vulnerability in OpenOffice.org related to PNG file processing
  • CVE-2010-4643: Security Vulnerability in OpenOffice.org related to TGA file processing

Fixed in OpenOffice.org 3.2.1

  • CVE-2009-3555: OpenOffice.org 2 and 3 may be affected by the TLS/SSL Renegotiation Issue in 3rd Party Libraries
  • CVE-2010-0395: Security vulnerability in OpenOffice.org related to python scripting

Fixed in OpenOffice.org 3.2

  • CVE-2006-4339: Potential vulnerability from 3rd party libxml2 libraries
  • CVE-2009-0217: Potential vulnerability from 3rd party libxmlsec libraries
  • CVE-2009-2493: OpenOffice.org 3 for Windows bundles a vulnerable version of MSVC Runtime
  • CVE-2009-2949: Potential vulnerability related to XPM file processing
  • CVE-2009-2950: Potential vulnerability related to GIF file processing
  • CVE-2009-3301/2: Potential vulnerability related to MS-Word document processing

Fixed in OpenOffice.org 3.1.1

  • CVE-2009-0200 / CVE-2009-0201: Manipulated Microsoft Word files can lead to heap overflows and arbitrary code execution
  • CVE-2009-2414 / CVE-2009-2416: Manipulated XML documents can lead to arbitrary code execution

Fixed in OpenOffice.org 3.1

  • No security vulnerabilities fixed in this release

Fixed in OpenOffice.org 3.0.1

  • No security vulnerabilities fixed in this release

Fixed in OpenOffice.org 3.0

  • No security vulnerabilities fixed in this release

Fixed in OpenOffice.org 2.4.3

  • CVE-2009-0200 / CVE-2009-0201: Manipulated Microsoft Word files can lead to heap overflows and arbitrary code execution
  • CVE-2009-2414 / CVE-2009-2416: Manipulated XML documents can lead to arbitrary code execution

Fixed in OpenOffice.org 2.4.2

  • CVE-2008-2237: Manipulated WMF files can lead to heap overflows and arbitrary code execution
  • CVE-2008-2238: Manipulated EMF files can lead to heap overflows and arbitrary code execution

Fixed in OpenOffice.org 2.4.1

  • CVE-2008-2152: Different kinds of manipulated files may lead to heap overflows and arbitrary code execution

Fixed in OpenOffice.org 2.4

  • CVE-2007-4770/4771: Manipulated ODF text documents containing XForms can lead to heap overflows and arbitrary code execution
  • CVE-2007-5745/5747: Manipulated Quattro Pro files can lead to heap overflows and arbitrary code execution
  • CVE-2007-5746: Manipulated EMF files can lead to heap overflows and arbitrary code execution
  • CVE-2008-0320: Manipulated OLE files can lead to heap overflows and arbitrary code execution

Fixed in OpenOffice.org 2.3.1

  • CVE-2007-4575: Potential arbitrary code execution vulnerability in 3rd party module (HSQLDB)

Fixed in OpenOffice.org 2.3

  • CVE-2007-2834: Manipulated TIFF files can lead to heap overflows and arbitrary code execution

Fixed in OpenOffice.org 2.2.1

  • CVE-2007-2754: Integer overflow and heap-based buffer overflow vulnerability in 3rd party module (freetype)
  • CVE-2007-0245: Manipulated RTF files can lead to heap overflows and arbitrary code execution

Fixed in OpenOffice.org 2.2

  • CVE-2007-0239: URL Handling Security Vulnerability (Linux/Solaris)
  • CVE-2007-0238: StarCalc Vulnerability
  • CVE-2007-002: WordPerfect Import Vulnerability

Fixed in OpenOffice.org 2.1

  • CVE-2006-5870: WMF/EMF Processing Failures

Fixed in OpenOffice.org 2.0.3

  • CVE-2006-2199: Java Applets
  • CVE-2006-2198: Macro
  • CVE-2006-3117: File Format
