apache openoffice CVE Vulnerabilities (60)

CVEs: 60 CPE versions: View versions table

Summary

This page lists publicly disclosed CVE vulnerabilities affecting apache openoffice (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.

Showing 2140 of 60 CVEs
CVE Summary Source Max CVSS EPSS % Published Updated
CVE-2012-5639 LibreOffice and OpenOffice automatically open embedded content [email protected] 6.5 5.84% 2019-12-20 2026-06-16
CVE-2011-2177 OpenOffice.org v3.3 allows execution of arbitrary code with the privileges of the user running the OpenOffice.org suite tools. [email protected] 7.8 2.00% 2019-11-27 2026-06-16
CVE-2018-11790 When loading a document with Apache Open Office 4.1.5 and earlier with smaller end line termination than the operating system uses, the defect occurs. In this case OpenOffice runs into an Arithmetic Overflow at a string length calculation. [email protected] 7.8 1.03% 2019-01-31 2026-06-16
CVE-2018-10583 An information disclosure vulnerability occurs when LibreOffice 6.0.3 and Apache OpenOffice Writer 4.1.5 automatically process and initiate an SMB connection embedded in a malicious file, as demonstrated by xlink:href=file://192.168.0.2/test.jpg within an office:document-content element in a .odt XML document. [email protected] 7.5 78.68% 2018-05-01 2026-06-16
CVE-2017-3157 By exploiting the way Apache OpenOffice before 4.1.4 renders embedded objects, an attacker could craft a document that allows reading in a file from the user's filesystem. Information could be retrieved by the attacker by, e.g., using hidden sections to store the information, tricking the user into saving the document and convincing the user to send the document back to the attacker. The vulnerability is mitigated by the need for the attacker to know the precise file path in the target system, a [email protected] 5.5 3.12% 2017-11-20 2026-06-16
CVE-2017-12608 A vulnerability in Apache OpenOffice Writer DOC file parser before 4.1.4, and specifically in ImportOldFormatStyles, allows attackers to craft malicious documents that cause denial of service (memory corruption and application crash) potentially resulting in arbitrary code execution. [email protected] 7.8 2.89% 2017-11-20 2026-06-16
CVE-2017-12607 A vulnerability in OpenOffice's PPT file parser before 4.1.4, and specifically in PPTStyleSheet, allows attackers to craft malicious documents that cause denial of service (memory corruption and application crash) potentially resulting in arbitrary code execution. [email protected] 7.8 2.59% 2017-11-20 2026-06-16
CVE-2017-9806 A vulnerability in the OpenOffice Writer DOC file parser before 4.1.4, and specifically in the WW8Fonts Constructor, allows attackers to craft malicious documents that cause denial of service (memory corruption and application crash) potentially resulting in arbitrary code execution. [email protected] 7.8 1.82% 2017-11-20 2026-06-16
CVE-2016-6804 The Apache OpenOffice installer (versions prior to 4.1.3, including some branded as OpenOffice.org) for Windows contains a defective operation that allows execution of arbitrary code with elevated privileges. This requires that the location in which the installer is run has been previously poisoned by a file that impersonates a dynamic-link library that the installer depends upon. [email protected] 7.8 3.02% 2017-11-20 2026-06-16
CVE-2016-6803 An installer defect known as an "unquoted Windows search path vulnerability" affected the Apache OpenOffice before 4.1.3 installers for Windows. The PC must have previously been infected by a Trojan Horse application (or user) running with administrative privilege. Any installer with the unquoted search path vulnerability becomes a delayed trigger for the exploit. [email protected] 7.8 2.10% 2017-11-13 2026-06-16
CVE-2016-1513 The Impress tool in Apache OpenOffice 4.1.2 and earlier allows remote attackers to cause a denial of service (out-of-bounds read or write) or execute arbitrary code via crafted MetaActions in an (1) ODP or (2) OTP file. [email protected] 7.8 4.48% 2016-08-05 2026-06-16
CVE-2015-5214 LibreOffice before 4.4.6 and 5.x before 5.0.1 and Apache OpenOffice before 4.1.2 allows remote attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via an index to a non-existent bookmark in a DOC file. [email protected] 6.8 9.55% 2015-11-10 2026-06-16
CVE-2015-5213 Integer overflow in LibreOffice before 4.4.5 and Apache OpenOffice before 4.1.2 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a long DOC file, which triggers a buffer overflow. [email protected] 6.8 12.87% 2015-11-10 2026-06-16
CVE-2015-5212 Integer underflow in LibreOffice before 4.4.5 and Apache OpenOffice before 4.1.2, when the configuration setting "Load printer settings with the document" is enabled, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via crafted PrinterSetup data in an ODF document. [email protected] 6.8 8.72% 2015-11-10 2026-06-16
CVE-2015-4551 LibreOffice before 4.4.5 and Apache OpenOffice before 4.1.2 uses the stored LinkUpdateMode configuration information in OpenDocument Format files and templates when handling links, which might allow remote attackers to obtain sensitive information via a crafted document, which embeds data from local files into (1) Calc or (2) Writer. [email protected] 4.3 13.83% 2015-11-10 2026-06-16
CVE-2015-1774 The HWP filter in LibreOffice before 4.3.7 and 4.4.x before 4.4.2 and Apache OpenOffice before 4.1.2 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted HWP document, which triggers an out-of-bounds write. [email protected] 6.8 7.65% 2015-04-28 2026-06-16
CVE-2014-3575 The OLE preview generation in Apache OpenOffice before 4.1.1 and OpenOffice.org (OOo) might allow remote attackers to embed arbitrary data into documents via crafted OLE objects. [email protected] 4.3 9.87% 2014-08-26 2026-06-16
CVE-2014-3524 Apache OpenOffice before 4.1.1 allows remote attackers to execute arbitrary commands and possibly have other unspecified impact via a crafted Calc spreadsheet. [email protected] 9.3 14.60% 2014-08-26 2026-06-16
CVE-2013-4156 Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted element in an OOXML document file. [email protected] 6.8 3.96% 2013-07-31 2026-06-16
CVE-2013-2189 Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via invalid PLCF data in a DOC document file. [email protected] 6.8 3.96% 2013-07-31 2026-06-16
cvelogic Threat Intelligence