QID 375951
Date Published: 2021-10-18
QID 375951: Apache OpenOffice Multiple Vulnerabilities
Apache OpenOffice (AOO) is an open-source office productivity software suite.
Apache OpenOffice opens dBase/DBF documents and shows the contents as spreadsheets. DBF are database files with data organized in fields. When reading DBF data the size of certain fields is not checked: the data is just copied into local variables..
Fixed in Apache OpenOffice 4.1.11
CVE-2021-28129: DEB packaging installed with a non-root userid and groupid
CVE-2021-33035: Buffer overflow from a crafted DBF file
CVE-2021-40439: "Billion Laughs" fixed in Expat >=2.4.0
CVE-2021-41830: #1 Content Manipulation with Certificate Double Attack
CVE-2021-41830: #2 Macro Manipulation with Certificate Double Attack
CVE-2021-41831: #3 Timestamp Manipulation with Signature Wrapping
CVE-2021-41832: #4 Content Manipulation with Certificate Validation Attack
Affected Versions:
All Apache OpenOffice versions 4.1.10 and older are affected
QID Detection Logic (Authenticated):
This QID checks the vulnerable version of OpenOffice by checking the file version of file "soffice.exe".
if carefully crafted document could overflow the allocated space, leading to the execution of arbitrary code by altering the contents of the program stack
- CVE-2021-28129 -
www.openoffice.org/security/cves/CVE-2021-28129.html - CVE-2021-33035 -
www.openoffice.org/security/cves/CVE-2021-33035.html
- CVE-2021-40439 -
www.openoffice.org/security/cves/CVE-2021-40439.html
- CVE-2021-41830 -
www.openoffice.org/security/cves/CVE-2021-41830.html
- CVE-2021-41831 -
www.openoffice.org/security/cves/CVE-2021-41831.html
- CVE-2021-41832 -
www.openoffice.org/security/cves/CVE-2021-41832.html
CVEs related to QID 375951
| Advisory ID | Software | Component | Link |
|---|---|---|---|
| Apache OpenOffice |
www.openoffice.org/security/cves/CVE-2021-33035.html |