When reading DBF data the size of certain fields is not checked: the data is just copied into local variables. DBF are database files with data organized in fields. Published: Octo12:15:09 PM -0400 Apache OpenOffice opens dBase/DBF documents and shows the contents as spreadsheets. All versions of Apache OpenOffice up to 4.1.10 are subject to this issue. Versions prior to 2.1.0 were subject to CVE-2013-0340, a "Billion Laughs" entity expansion denial of service attack and exploit via crafted XML files. Published: Octo4:15:06 AM -0400 Apache OpenOffice has a dependency on expat software. See CVE-2021-25633 for the LibreOffice advisory. Users are advised to update to version 4.1.11. All versions of Apache OpenOffice up to 4.1.10 are affected. It is possible for an attacker to manipulate signed documents and macros to appear to come from a trusted source. See CVE-2021-25634 for the LibreOffice advisory. It is possible for an attacker to manipulate the timestamp of signed documents. See CVE-2021-25635 for the LibreOffice advisory. It is possible for an attacker to manipulate documents to appear to be signed by a trusted source. This issue affects: Apache OpenOffice versions prior to 4.1.13. A flaw in OpenOffice existed where the required initialization vector for encryption was always the same, which weakens the security of the encryption, making them vulnerable if an attacker has access to the user's configuration data. The stored passwords are encrypted with a single master key provided by the user. Reference: CVE-2022-26307 - LibreOffice Published: Aug7:21:42 AM -0400 Apache OpenOffice supports the storage of passwords for web connections in the user's configuration database. A flaw in OpenOffice existed where the master key was poorly encoded, resulting in weakening its entropy from 128 to 43 bits, making the stored passwords vulnerable to a brute force attack if an attacker has access to the user's stored config.
Published: Ma12:15:08 PM -0400 Apache OpenOffice supports the storage of passwords for web connections in the user's configuration database. This may lead to running arbitrary Java code from the current directory. Published: Ma12:15:08 PM -0400 Apache OpenOffice versions before 4.1.14 may be configured to add an empty entry to the Java class path. In the affected versions of OpenOffice, approval for certain links is not requested when activated; such links could therefore result in arbitrary script execution. The execution of such links must be subject to user approval. Links can be activated by clicks, or by automatic document events. Several URI Schemes are defined for this purpose. Apache OpenOffice documents can contain links that call internal macros with arbitrary arguments.