Apache OpenOffice Security Team Bulletin

If you want to stay up to date on Apache OpenOffice security announcements, please subscribe to our security-alerts mailing list.

Fixed in Apache OpenOffice 4.1.15

• CVE-2012-5639: Loading internal / external resource without warning.
• CVE-2022-43680: "Use after free" fixed in expat >= 2.4.9
• CVE-2023-1183: Arbitrary file write in Base
• CVE-2023-47804: Macro URL arbitrary script execution

Fixed in Apache OpenOffice 4.1.14

• CVE-2022-38745: An empty class path may lead to run arbitrary Java code
• CVE-2022-40674: "Use after free" fixed in expat >= 2.4.9
• CVE-2022-47502: Macro URL arbitrary script execution without warning

Fixed in Apache OpenOffice 4.1.13

• CVE-2022-37400: Static Initialization Vector Allows to Recover Passwords for Web Connections Without Knowing the Master Password
• CVE-2022-37401: Weak Master Keys

Fixed in Apache OpenOffice 4.1.11

• CVE-2021-28129: DEB packaging installed with a non-root userid and groupid
• CVE-2021-33035: Buffer overflow from a crafted DBF file
• CVE-2021-40439: "Billion Laughs" fixed in Expat >=2.4.0
• CVE-2021-41830: #1 Content Manipulation with Certificate Double Attack
• CVE-2021-41830: #2 Macro Manipulation with Certificate Double Attack
• CVE-2021-41831: #3 Timestamp Manipulation with Signature Wrapping
• CVE-2021-41832: #4 Content Manipulation with Certificate Validation Attack

Fixed in Apache OpenOffice 4.1.10

• CVE-2021-30245: Code execution in Apache OpenOffice via non-http(s) schemes in Hyperlinks

Fixed in Apache OpenOffice 4.1.8

• CVE-2020-13958: Unrestricted actions leads to arbitrary code execution in crafted documents

Fixed in Apache OpenOffice 4.1.7

• CVE-2019-9853: Insufficient URL decoding flaw in categorizing macro location

Fixed in Apache OpenOffice 4.1.6

• CVE-2018-11790: Arithmetic overflow and wrap around during string length calculation

Fixed in Apache OpenOffice 4.1.5

• No security vulnerabilities fixed in this release

Fixed in Apache OpenOffice 4.1.4

• CVE-2017-3157: Arbitrary file disclosure in Calc and Writer
• CVE-2017-9806: Out-of-Bounds Write in Writer's WW8Fonts Constructor
• CVE-2017-12607: Out-of-Bounds Write in Impress' PPT Filter
• CVE-2017-12608: Out-of-Bounds Write in Writer's ImportOldFormatStyles

Fixed in Apache OpenOffice 4.1.3

• CVE-2016-1513: Memory Corruption Vulnerability (Impress Presentations)
• CVE-2016-6803: Windows Installer Can Enable Privileged Trojan Execution
• CVE-2016-6804: Windows Installer Execution of Arbitrary Code with Elevated Privileges

Fixed in Apache OpenOffice 4.1.2

• CVE-2015-1774: Out-of-Bounds Write in HWP File Filter
• CVE-2015-4551: Targeted Data Disclosure
• CVE-2015-5212: ODF Printer Settings Vulnerability
• CVE-2015-5213: .DOC Document Vulnerability
• CVE-2015-5214: .DOC Bookmarks Vulnerability

Fixed in Apache OpenOffice 4.1.1

• CVE-2014-3575: Targeted Data Exposure Using Crafted OLE Objects in Apache OpenOffice
• CVE-2014-3524: Calc Command Injection Vulnerability in Apache OpenOffice

Fixed in Apache OpenOffice 4.0.0

• CVE-2013-2189: DOC Memory Corruption Vulnerability in Apache OpenOffice
• CVE-2013-4156: DOCM Memory Corruption Vulnerability in Apache OpenOffice

Fixed in Apache OpenOffice 3.4.1

• CVE-2012-2665: Manifest-processing errors in Apache OpenOffice 3.4.0
• CVE-2013-1571: Frame Injection Vulnerability in SDK JavaDoc

Fixed in Apache OpenOffice 3.4.0

• CVE-2012-1149: OpenOffice.org integer overflow error in vclmi.dll module when allocating memory for an embedded image object
• CVE-2012-2149: OpenOffice.org memory overwrite vulnerability
• CVE-2012-2334: Vulnerabilities related to malformed Powerpoint files in OpenOffice.org 3.3.0

Patches for OpenOffice.org 3.3

• CVE-2012-0037: OpenOffice.org data leakage vulnerability

Fixed in OpenOffice.org 3.3

• CVE-2010-2935 / CVE-2010-2936: Security Vulnerability in OpenOffice.org related to PowerPoint document processing
• CVE-2010-3450: Security Vulnerability in OpenOffice.org related to Extensions and filter package files
• CVE-2010-3451 / CVE-2010-3452: Security Vulnerability in OpenOffice.org related to RTF document processing
• CVE-2010-3453 / CVE-2010-3454: Security Vulnerability in OpenOffice.org related to Word document processing
• CVE-2010-3689: Insecure LD_LIBRARY_PATH usage in OpenOffice.org shell scripts
• CVE-2010-3702 / CVE-2010-3704: Security Vulnerability in OpenOffice.org's PDF Import extension resulting from 3rd party library XPDF
• CVE-2010-4008 / CVE-2010-4494: Possible Security Vulnerability in OpenOffice.org resulting from 3rd party library LIBXML2
• CVE-2010-4253: Security Vulnerability in OpenOffice.org related to PNG file processing
• CVE-2010-4643: Security Vulnerability in OpenOffice.org related to TGA file processing

Fixed in OpenOffice.org 3.2.1

• CVE-2009-3555: OpenOffice.org 2 and 3 may be affected by the TLS/SSL Renegotiation Issue in 3rd Party Libraries
• CVE-2010-0395: Security vulnerability in OpenOffice.org related to python scripting

Fixed in OpenOffice.org 3.2

• CVE-2006-4339: Potential vulnerability from 3rd party libxml2 libraries
• CVE-2009-0217: Potential vulnerability from 3rd party libxmlsec libraries
• CVE-2009-2493: OpenOffice.org 3 for Windows bundles a vulnerable version of MSVC Runtime
• CVE-2009-2949: Potential vulnerability related to XPM file processing
• CVE-2009-2950: Potential vulnerability related to GIF file processing
• CVE-2009-3301/2: Potential vulnerability related to MS-Word document processing

Fixed in OpenOffice.org 3.1.1

• CVE-2009-0200 / CVE-2009-0201: Manipulated Microsoft Word files can lead to heap overflows and arbitrary code execution
• CVE-2009-2414 / CVE-2009-2416: Manipulated XML documents can lead to arbitrary code execution

Fixed in OpenOffice.org 3.1

• No security vulnerabilities fixed in this release

Fixed in OpenOffice.org 3.0.1

• No security vulnerabilities fixed in this release

Fixed in OpenOffice.org 3.0

• No security vulnerabilities fixed in this release

Fixed in OpenOffice.org 2.4.3

• CVE-2009-0200 / CVE-2009-0201: Manipulated Microsoft Word files can lead to heap overflows and arbitrary code execution
• CVE-2009-2414 / CVE-2009-2416: Manipulated XML documents can lead to arbitrary code execution

Fixed in OpenOffice.org 2.4.2

• CVE-2008-2237: Manipulated WMF files can lead to heap overflows and arbitrary code execution
• CVE-2008-2238: Manipulated EMF files can lead to heap overflows and arbitrary code execution

Fixed in OpenOffice.org 2.4.1

• CVE-2008-2152: Different kinds of manipulated files may lead to heap overflows and arbitrary code execution

Fixed in OpenOffice.org 2.4

• CVE-2007-4770/4771: Manipulated ODF text documents containing XForms can lead to heap overflows and arbitrary code execution
• CVE-2007-5745/5747: Manipulated Quattro Pro files can lead to heap overflows and arbitrary code execution
• CVE-2007-5746: Manipulated EMF files can lead to heap overflows and arbitrary code execution
• CVE-2008-0320: Manipulated OLE files can lead to heap overflows and arbitrary code execution

Fixed in OpenOffice.org 2.3.1

• CVE-2007-4575: Potential arbitrary code execution vulnerability in 3rd party module (HSQLDB)

Fixed in OpenOffice.org 2.3

• CVE-2007-2834: Manipulated TIFF files can lead to heap overflows and arbitrary code execution

Fixed in OpenOffice.org 2.2.1

• CVE-2007-2754: Integer overflow and heap-based buffer overflow vulnerability in 3rd party module (freetype)
• CVE-2007-0245: Manipulated RTF files can lead to heap overflows and arbitrary code execution

Fixed in OpenOffice.org 2.2

• CVE-2007-0239: URL Handling Security Vulnerability (Linux/Solaris)
• CVE-2007-0238: StarCalc Vulnerability
• CVE-2007-002: WordPerfect Import Vulnerability

Fixed in OpenOffice.org 2.1

• CVE-2006-5870: WMF/EMF Processing Failures

Fixed in OpenOffice.org 2.0.3

• CVE-2006-2199: Java Applets
• CVE-2006-2198: Macro
• CVE-2006-3117: File Format

---

Security Home -> Bulletin