彙總 openoffice 相關全部產品的 CVE 與安全漏洞情報,包括 CVSS、EPSS、公開時間與漏洞情報資料。
常見弱點模式包括 緩衝區溢位與路徑處理缺陷,在 生產負載與軟體部署 使用場景中可能帶來 應用程式崩潰、記憶體損壞與檔案覆寫 等風險。
相關漏洞資料主要來源於公開漏洞披露與安全公告,可用於評估歷史漏洞暴露面與修補優先順序。
| CVE | 摘要 | 來源 | 最高 CVSS | EPSS % | 公開時間 | 更新時間 |
|---|---|---|---|---|---|---|
| CVE-2010-2936 | Integer overflow in simpress.bin in the Impress module in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted polygons in a PowerPoint document that triggers a heap-based buffer overflow. | [email protected] | 9.3 | 7.09% | 2010-08-25 | 2026-06-16 |
| CVE-2010-2935 | simpress.bin in the Impress module in OpenOffice.org (OOo) 2.x and 3.x before 3.3 does not properly handle integer values associated with dictionary property items, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PowerPoint document that triggers a heap-based buffer overflow, related to an "integer truncation error." | [email protected] | 9.3 | 7.09% | 2010-08-25 | 2026-06-16 |
| CVE-2009-3571 | Unspecified vulnerability in OpenOffice.org (OOo) has unknown impact and client-side attack vector, as demonstrated by a certain module in VulnDisco Pack Professional 8.8, aka "Client-side exploit." NOTE: as of 20091005, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. | [email protected] | 9.3 | 1.29% | 2009-10-06 | 2026-06-16 |
| CVE-2009-3570 | Unspecified vulnerability in OpenOffice.org (OOo) has unspecified impact and remote attack vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.9. NOTE: as of 20091005, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. | [email protected] | 10.0 | 1.52% | 2009-10-06 | 2026-06-16 |
| CVE-2009-0201 | Heap-based buffer overflow in OpenOffice.org (OOo) before 3.1.1 and StarOffice/StarSuite 7, 8, and 9 might allow remote attackers to execute arbitrary code via unspecified records in a crafted Word document, related to "table parsing." | [email protected] | 9.3 | 6.72% | 2009-09-02 | 2026-06-16 |
| CVE-2009-0200 | Integer underflow in OpenOffice.org (OOo) before 3.1.1 and StarOffice/StarSuite 7, 8, and 9 might allow remote attackers to execute arbitrary code via crafted records in the document table of a Word document, leading to a heap-based buffer overflow. | [email protected] | 9.3 | 6.72% | 2009-09-02 | 2026-06-16 |
| CVE-2009-0259 | The Word processor in OpenOffice.org 1.1.2 through 1.1.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) .doc, (2) .wri, or (3) .rtf Word 97 file that triggers memory corruption, as exploited in the wild in December 2008, as demonstrated by 2008-crash.doc.rar, and a similar issue to CVE-2008-4841. | [email protected] | 9.3 | 7.50% | 2009-01-22 | 2026-06-16 |
| CVE-2008-4937 | senddoc in OpenOffice.org (OOo) 2.4.1 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/log.obr.##### temporary file. | [email protected] | 2.6 | 0.45% | 2008-11-05 | 2026-06-16 |
| CVE-2008-2238 | Multiple integer overflows in OpenOffice.org (OOo) 2.x before 2.4.2 allow remote attackers to execute arbitrary code via crafted EMR records in an EMF file associated with a StarOffice/StarSuite document, which trigger a heap-based buffer overflow. | [email protected] | 9.3 | 6.75% | 2008-10-30 | 2026-06-16 |
| CVE-2008-2237 | Heap-based buffer overflow in OpenOffice.org (OOo) 2.x before 2.4.2 allows remote attackers to execute arbitrary code via a crafted WMF file associated with a StarOffice/StarSuite document. | [email protected] | 9.3 | 6.07% | 2008-10-30 | 2026-06-16 |
| CVE-2008-3437 | OpenOffice.org (OOo) before 2.1.0 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning. | [email protected] | 7.5 | 1.89% | 2008-08-01 | 2026-06-16 |
| CVE-2008-2366 | Untrusted search path vulnerability in a certain Red Hat build script for OpenOffice.org (OOo) 1.1.x on Red Hat Enterprise Linux (RHEL) 3 and 4 allows local users to gain privileges via a malicious library in the current working directory, related to incorrect quoting of the ORIGIN symbol for use in the RPATH library path. | [email protected] | 4.4 | 0.32% | 2008-06-16 | 2026-06-16 |
| CVE-2008-2152 | Integer overflow in the rtl_allocateMemory function in sal/rtl/source/alloc_global.c in OpenOffice.org (OOo) 2.0 through 2.4 allows remote attackers to execute arbitrary code via a crafted file that triggers a heap-based buffer overflow. | [email protected] | 9.3 | 5.75% | 2008-06-10 | 2026-06-16 |
| CVE-2008-0320 | Heap-based buffer overflow in the OLE importer in OpenOffice.org before 2.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an OLE file with a crafted DocumentSummaryInformation stream. | [email protected] | 9.3 | 57.02% | 2008-04-17 | 2026-06-16 |
| CVE-2007-5746 | Integer overflow in OpenOffice.org before 2.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an EMF file with a crafted EMR_STRETCHBLT record, which triggers a heap-based buffer overflow. | [email protected] | 6.8 | 4.67% | 2008-04-17 | 2026-06-16 |
| CVE-2007-5745 | Multiple heap-based buffer overflows in OpenOffice.org before 2.4 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Quattro Pro (QPRO) file with crafted (1) Attribute and (2) Font Description records. | [email protected] | 6.8 | 4.11% | 2008-04-17 | 2026-06-16 |
| CVE-2007-4575 | HSQLDB before 1.8.0.9, as used in OpenOffice.org (OOo) 2 before 2.3.1, allows user-assisted remote attackers to execute arbitrary Java code via crafted database documents, related to "exposing static java methods." | [email protected] | 9.3 | 14.35% | 2007-12-05 | 2026-06-16 |
| CVE-2007-4251 | OpenOffice.org (OOo) 2.2 does not properly handle files with multiple extensions, which allows user-assisted remote attackers to cause a denial of service. | [email protected] | 4.3 | 1.25% | 2007-08-08 | 2026-06-16 |
| CVE-2007-0245 | Heap-based buffer overflow in OpenOffice.org (OOo) 2.2.1 and earlier allows remote attackers to execute arbitrary code via a RTF file with a crafted prtdata tag with a length parameter inconsistency, which causes vtable entries to be overwritten. | [email protected] | 9.3 | 6.02% | 2007-06-12 | 2026-06-16 |
| CVE-2007-0239 | OpenOffice.org (OOo) Office Suite allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in a prepared link in a crafted document. | [email protected] | 9.3 | 3.48% | 2007-03-21 | 2026-06-16 |