Aggregates CVE and security vulnerability intelligence across all openoffice-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Common weakness patterns include vendor risk buffer overflow and vendor risk path handling, with potential vendor impact application crash and vendor impact memory corruption across vendor surface production workloads use cases.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2010-2936 | Integer overflow in simpress.bin in the Impress module in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted polygons in a PowerPoint document that triggers a heap-based buffer overflow. | [email protected] | 9.3 | 5.66% | 2010-08-25 | 2026-04-29 |
| CVE-2010-2935 | simpress.bin in the Impress module in OpenOffice.org (OOo) 2.x and 3.x before 3.3 does not properly handle integer values associated with dictionary property items, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PowerPoint document that triggers a heap-based buffer overflow, related to an "integer truncation error." | [email protected] | 9.3 | 10.74% | 2010-08-25 | 2026-04-29 |
| CVE-2009-3571 | Unspecified vulnerability in OpenOffice.org (OOo) has unknown impact and client-side attack vector, as demonstrated by a certain module in VulnDisco Pack Professional 8.8, aka "Client-side exploit." NOTE: as of 20091005, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. | [email protected] | 9.3 | 0.48% | 2009-10-06 | 2026-04-23 |
| CVE-2009-3570 | Unspecified vulnerability in OpenOffice.org (OOo) has unspecified impact and remote attack vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.9. NOTE: as of 20091005, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. | [email protected] | 10.0 | 0.34% | 2009-10-06 | 2026-04-23 |
| CVE-2009-0201 | Heap-based buffer overflow in OpenOffice.org (OOo) before 3.1.1 and StarOffice/StarSuite 7, 8, and 9 might allow remote attackers to execute arbitrary code via unspecified records in a crafted Word document, related to "table parsing." | [email protected] | 9.3 | 13.15% | 2009-09-02 | 2026-04-23 |
| CVE-2009-0200 | Integer underflow in OpenOffice.org (OOo) before 3.1.1 and StarOffice/StarSuite 7, 8, and 9 might allow remote attackers to execute arbitrary code via crafted records in the document table of a Word document, leading to a heap-based buffer overflow. | [email protected] | 9.3 | 10.84% | 2009-09-02 | 2026-04-23 |
| CVE-2009-0259 | The Word processor in OpenOffice.org 1.1.2 through 1.1.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) .doc, (2) .wri, or (3) .rtf Word 97 file that triggers memory corruption, as exploited in the wild in December 2008, as demonstrated by 2008-crash.doc.rar, and a similar issue to CVE-2008-4841. | [email protected] | 9.3 | 16.60% | 2009-01-22 | 2026-04-23 |
| CVE-2008-4937 | senddoc in OpenOffice.org (OOo) 2.4.1 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/log.obr.##### temporary file. | [email protected] | 2.6 | 0.04% | 2008-11-05 | 2026-04-23 |
| CVE-2008-2238 | Multiple integer overflows in OpenOffice.org (OOo) 2.x before 2.4.2 allow remote attackers to execute arbitrary code via crafted EMR records in an EMF file associated with a StarOffice/StarSuite document, which trigger a heap-based buffer overflow. | [email protected] | 9.3 | 8.77% | 2008-10-30 | 2026-04-23 |
| CVE-2008-2237 | Heap-based buffer overflow in OpenOffice.org (OOo) 2.x before 2.4.2 allows remote attackers to execute arbitrary code via a crafted WMF file associated with a StarOffice/StarSuite document. | [email protected] | 9.3 | 8.77% | 2008-10-30 | 2026-04-23 |
| CVE-2008-3437 | OpenOffice.org (OOo) before 2.1.0 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning. | [email protected] | 7.5 | 0.78% | 2008-08-01 | 2026-04-23 |
| CVE-2008-2366 | Untrusted search path vulnerability in a certain Red Hat build script for OpenOffice.org (OOo) 1.1.x on Red Hat Enterprise Linux (RHEL) 3 and 4 allows local users to gain privileges via a malicious library in the current working directory, related to incorrect quoting of the ORIGIN symbol for use in the RPATH library path. | [email protected] | 4.4 | 0.07% | 2008-06-16 | 2026-04-23 |
| CVE-2008-2152 | Integer overflow in the rtl_allocateMemory function in sal/rtl/source/alloc_global.c in OpenOffice.org (OOo) 2.0 through 2.4 allows remote attackers to execute arbitrary code via a crafted file that triggers a heap-based buffer overflow. | [email protected] | 9.3 | 3.04% | 2008-06-10 | 2026-04-23 |
| CVE-2008-0320 | Heap-based buffer overflow in the OLE importer in OpenOffice.org before 2.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an OLE file with a crafted DocumentSummaryInformation stream. | [email protected] | 9.3 | 82.00% | 2008-04-17 | 2026-04-23 |
| CVE-2007-5746 | Integer overflow in OpenOffice.org before 2.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an EMF file with a crafted EMR_STRETCHBLT record, which triggers a heap-based buffer overflow. | [email protected] | 6.8 | 7.72% | 2008-04-17 | 2026-04-23 |
| CVE-2007-5745 | Multiple heap-based buffer overflows in OpenOffice.org before 2.4 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Quattro Pro (QPRO) file with crafted (1) Attribute and (2) Font Description records. | [email protected] | 6.8 | 6.46% | 2008-04-17 | 2026-04-23 |
| CVE-2007-4575 | HSQLDB before 1.8.0.9, as used in OpenOffice.org (OOo) 2 before 2.3.1, allows user-assisted remote attackers to execute arbitrary Java code via crafted database documents, related to "exposing static java methods." | [email protected] | 9.3 | 6.32% | 2007-12-06 | 2026-04-23 |
| CVE-2007-4251 | OpenOffice.org (OOo) 2.2 does not properly handle files with multiple extensions, which allows user-assisted remote attackers to cause a denial of service. | [email protected] | 4.3 | 0.94% | 2007-08-08 | 2026-04-23 |
| CVE-2007-0245 | Heap-based buffer overflow in OpenOffice.org (OOo) 2.2.1 and earlier allows remote attackers to execute arbitrary code via a RTF file with a crafted prtdata tag with a length parameter inconsistency, which causes vtable entries to be overwritten. | [email protected] | 9.3 | 12.21% | 2007-06-12 | 2026-04-23 |
| CVE-2007-0239 | OpenOffice.org (OOo) Office Suite allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in a prepared link in a crafted document. | [email protected] | 9.3 | 11.49% | 2007-03-21 | 2026-04-23 |