CVE-2021-30245 – Code execution in Apache OpenOffice via non-http(s) schemes in Hyperlinks
https://notcve.org/view.php?id=CVE-2021-30245
The project received a report that all versions of Apache OpenOffice through 4.1.8 can open non-http(s) hyperlinks. The problem has existed since about 2006 and the issue is also in 4.1.9. If the link is specifically crafted this could lead to untrusted code execution. It is always best practice to be careful opening documents from unknown and unverified sources. The mitigation in Apache OpenOffice 4.1.10 (unreleased) assures that a security warning is displayed giving the user the option of continuing to open the hyperlink. • https://lists.apache.org/thread.html/r7c01173f763b0c4212ada0e6ab283984d6e058d72258efce85c006ab%40%3Cannounce.apache.org%3E https://lists.apache.org/thread.html/r87ff11512e4883052991e6b725e20294224034ea8453b811fb3ee735%40%3Cdev.openoffice.apache.org%3E https://lists.apache.org/thread.html/r87ff11512e4883052991e6b725e20294224034ea8453b811fb3ee735%40%3Cusers.openoffice.apache.org%3E https://lists.apache.org/thread.html/ra2cabdc083d5160a84de9a6436296ee5030fb3a16dc490dee4f983d5%40%3Cdev.openoffice.apache.org%3E https://lists.apache.org/thread.html/ra2cabdc083d5160a84de9a6436296ee5030fb3a16dc490dee4f983d5%4 • CWE-610: Externally Controlled Reference to a Resource in Another Sphere •
CVE-2018-11790
https://notcve.org/view.php?id=CVE-2018-11790
When loading a document with Apache Open Office 4.1.5 and earlier with smaller end line termination than the operating system uses, the defect occurs. In this case OpenOffice runs into an Arithmetic Overflow at a string length calculation. Al cargar un documento con Apache Open Office, en versiones 4.1.5 y anteriores, con una terminación de final de línea más pequeña que las que emplea el sistema operativo, ocurre este defecto. En este caso, OpenOffice sufre un desbordamiento de aritmética en un cálculo de longitud de cadena. • http://www.securityfocus.com/bid/106803 https://lists.apache.org/thread.html/7394e6b5f78a878bd0c44e9bc9adf90b8cdf49e9adc0f287145aba9b%40%3Ccommits.openoffice.apache.org%3E https://usn.ubuntu.com/3883-1 https://www.openoffice.org/security/cves/CVE-2018-11790.html • CWE-682: Incorrect Calculation •
CVE-2017-9806
https://notcve.org/view.php?id=CVE-2017-9806
A vulnerability in the OpenOffice Writer DOC file parser before 4.1.4, and specifically in the WW8Fonts Constructor, allows attackers to craft malicious documents that cause denial of service (memory corruption and application crash) potentially resulting in arbitrary code execution. Una vulnerabilidad en el analizador sintáctico de archivos DOC de OpenOffice Writer en versiones anteriores a la 4.1.4, específicamente en WW8Fonts Constructor, permite que atacantes manipulen documentos maliciosos que provoquen una denegación de servicio (corrupción de memoria y cierre inesperado de la aplicación), resultando potencialmente en la ejecución de código arbitrario. • http://www.openoffice.org/security/cves/CVE-2017-9806.html http://www.securityfocus.com/bid/101585 • CWE-787: Out-of-bounds Write •
CVE-2017-12607
https://notcve.org/view.php?id=CVE-2017-12607
A vulnerability in OpenOffice's PPT file parser before 4.1.4, and specifically in PPTStyleSheet, allows attackers to craft malicious documents that cause denial of service (memory corruption and application crash) potentially resulting in arbitrary code execution. Una vulnerabilidad en el analizador sintáctico de archivos PPT de OpenOffice en versiones anteriores a la 4.1.4, específicamente en PPTStyleSheet, permite que atacantes manipulen documentos maliciosos que provoquen una denegación de servicio (corrupción de memoria y cierre inesperado de la aplicación), resultando potencialmente en la ejecución de código arbitrario. • http://www.securityfocus.com/bid/101585 http://www.securitytracker.com/id/1039732 http://www.securitytracker.com/id/1039734 https://lists.debian.org/debian-lts-announce/2017/12/msg00017.html https://www.debian.org/security/2017/dsa-4022 https://www.openoffice.org/security/cves/CVE-2017-12607.html • CWE-787: Out-of-bounds Write •
CVE-2017-12608
https://notcve.org/view.php?id=CVE-2017-12608
A vulnerability in Apache OpenOffice Writer DOC file parser before 4.1.4, and specifically in ImportOldFormatStyles, allows attackers to craft malicious documents that cause denial of service (memory corruption and application crash) potentially resulting in arbitrary code execution. Una vulnerabilidad en el analizador sintáctico de archivos DOC de OpenOffice Writer en versiones anteriores a la 4.1.4, específicamente en ImportOldFormatStyles, permite que atacantes manipulen documentos maliciosos que provoquen una denegación de servicio (corrupción de memoria y cierre inesperado de la aplicación), resultando potencialmente en la ejecución de código arbitrario. • http://www.securityfocus.com/bid/101585 http://www.securitytracker.com/id/1039733 http://www.securitytracker.com/id/1039735 https://lists.debian.org/debian-lts-announce/2017/12/msg00017.html https://www.debian.org/security/2017/dsa-4022 https://www.openoffice.org/security/cves/CVE-2017-12608.html • CWE-787: Out-of-bounds Write •