Product
apache openoffice
94 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2025-64407
< 4.1.16
Apache OpenOffice documents can contain links. A missing Authorization vulnerability in Apache OpenOffice allowed an attacker to c
5.3
MEDIUM
CVE-2025-64406
< 4.1.16
An out-of-bounds Write vulnerability in Apache OpenOffice could allow an attacker to craft a document that would crash the program
4.3
MEDIUM
CVE-2025-64405
< 4.1.16
Apache OpenOffice documents can contain links. A missing Authorization vulnerability in Apache OpenOffice allowed an attacker to c
7.5
HIGH
CVE-2025-64404
< 4.1.16
Apache OpenOffice documents can contain links to other files. A missing Authorization vulnerability in Apache OpenOffice allowed a
7.5
HIGH
CVE-2025-64403
< 4.1.16
Apache OpenOffice Calc spreadsheet can contain links to other files, in the form of "external data sources". A missing Authorizati
8.1
HIGH
CVE-2025-64402
< 4.1.16
Apache OpenOffice documents can contain links. A missing Authorization vulnerability in Apache OpenOffice allowed an attacker to c
6.5
MEDIUM
CVE-2025-64401
< 4.1.16
Apache OpenOffice documents can contain links. A missing Authorization vulnerability in Apache OpenOffice allowed an attacker to
7.5
HIGH
CVE-2023-47804
< 4.1.15
Apache OpenOffice documents can contain links that call internal macros with arbitrary arguments. Several URI Schemes are defined
8.8
HIGH
CVE-2022-47502
<= 4.1.13
Apache OpenOffice documents can contain links that call internal macros with arbitrary arguments. Several URI Schemes are defined
7.8
HIGH
CVE-2022-38745
< 4.1.14
Apache OpenOffice versions before 4.1.14 may be configured to add an empty entry to the Java class path. This may lead to run arbi
7.8
HIGH
CVE-2022-37401
< 4.1.13
Apache OpenOffice supports the storage of passwords for web connections in the user's configuration database. The stored passwords
8.8
HIGH
CVE-2022-37400
< 4.1.13
Apache OpenOffice supports the storage of passwords for web connections in the user's configuration database. The stored passwords
8.8
HIGH
CVE-2021-41832
< 4.1.11
It is possible for an attacker to manipulate documents to appear to be signed by a trusted source. All versions of Apache OpenOffi
7.5
HIGH
CVE-2021-41831
< 4.1.11
It is possible for an attacker to manipulate the timestamp of signed documents. All versions of Apache OpenOffice up to 4.1.10 are
5.3
MEDIUM
CVE-2021-41830
< 4.1.11
It is possible for an attacker to manipulate signed documents and macros to appear to come from a trusted source. All versions of
7.5
HIGH
CVE-2021-40439
<= 4.1.10
Apache OpenOffice has a dependency on expat software. Versions prior to 2.1.0 were subject to CVE-2013-0340 a "Billion Laughs" ent
6.5
MEDIUM
CVE-2021-28129
all versions
While working on Apache OpenOffice 4.1.8 a developer discovered that the DEB package did not install using root, but instead used
7.8
HIGH
CVE-2021-33035
<= 4.1.10
Apache OpenOffice opens dBase/DBF documents and shows the contents as spreadsheets. DBF are database files with data organized in
7.8
HIGH
CVE-2021-30245
<= 4.1.8
The project received a report that all versions of Apache OpenOffice through 4.1.8 can open non-http(s) hyperlinks. The problem ha
8.8
HIGH
CVE-2020-13958
>= 4.0.0 and < 4.1.8
A vulnerability in Apache OpenOffice scripting events allows an attacker to construct documents containing hyperlinks pointing to
7.8
HIGH
CVE-2012-5639
all versions
LibreOffice and OpenOffice automatically open embedded content
6.5
MEDIUM
CVE-2011-2177
all versions
OpenOffice.org v3.3 allows execution of arbitrary code with the privileges of the user running the OpenOffice.org suite tools.
7.8
HIGH
CVE-2018-11790
<= 4.1.5
When loading a document with Apache Open Office 4.1.5 and earlier with smaller end line termination than the operating system uses
7.8
HIGH
CVE-2018-10583
all versions
An information disclosure vulnerability occurs when LibreOffice 6.0.3 and Apache OpenOffice Writer 4.1.5 automatically process and
7.5
HIGH
CVE-2017-3157
<= 4.1.3
By exploiting the way Apache OpenOffice before 4.1.4 renders embedded objects, an attacker could craft a document that allows read
5.5
MEDIUM
CVE-2017-12608
< 4.1.4
A vulnerability in Apache OpenOffice Writer DOC file parser before 4.1.4, and specifically in ImportOldFormatStyles, allows attack
7.8
HIGH
CVE-2017-12607
< 4.1.4
A vulnerability in OpenOffice's PPT file parser before 4.1.4, and specifically in PPTStyleSheet, allows attackers to craft malicio
7.8
HIGH
CVE-2017-9806
< 4.1.4
A vulnerability in the OpenOffice Writer DOC file parser before 4.1.4, and specifically in the WW8Fonts Constructor, allows attack
7.8
HIGH
CVE-2016-6804
< 4.1.3
The Apache OpenOffice installer (versions prior to 4.1.3, including some branded as OpenOffice.org) for Windows contains a defecti
7.8
HIGH
CVE-2016-6803
<= 4.1.2
An installer defect known as an "unquoted Windows search path vulnerability" affected the Apache OpenOffice before 4.1.3 installer
7.8
HIGH
CVE-2016-1513
<= 4.1.2
The Impress tool in Apache OpenOffice 4.1.2 and earlier allows remote attackers to cause a denial of service (out-of-bounds read o
7.8
HIGH
CVE-2015-5214
<= 4.1.1
LibreOffice before 4.4.6 and 5.x before 5.0.1 and Apache OpenOffice before 4.1.2 allows remote attackers to cause a denial of serv
CVE-2015-5213
<= 4.1.1
Integer overflow in LibreOffice before 4.4.5 and Apache OpenOffice before 4.1.2 allows remote attackers to cause a denial of servi
CVE-2015-5212
<= 4.1.1
Integer underflow in LibreOffice before 4.4.5 and Apache OpenOffice before 4.1.2, when the configuration setting "Load printer set
CVE-2015-4551
<= 4.1.1
LibreOffice before 4.4.5 and Apache OpenOffice before 4.1.2 uses the stored LinkUpdateMode configuration information in OpenDocume
CVE-2015-1774
<= 4.1.1
The HWP filter in LibreOffice before 4.3.7 and 4.4.x before 4.4.2 and Apache OpenOffice before 4.1.2 allows remote attackers to ca
CVE-2014-3575
< 4.1.1
The OLE preview generation in Apache OpenOffice before 4.1.1 and OpenOffice.org (OOo) might allow remote attackers to embed arbitr
CVE-2014-3524
< 4.1.1
Apache OpenOffice before 4.1.1 allows remote attackers to execute arbitrary commands and possibly have other unspecified impact vi
CVE-2013-4156
< 4.0.0
Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have u
CVE-2013-2189
< 4.0.0
Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have u
CVE-2012-2665
< 3.4.1
Multiple heap-based buffer overflows in the XML manifest encryption tag parsing functionality in OpenOffice.org and LibreOffice be
CVE-2012-2149
<= 3.4
The WPXContentListener::_closeTableRow function in WPXContentListener.cpp in libwpd 0.8.8, as used by OpenOffice.org (OOo) before
CVE-2012-1149
all versions
Integer overflow in the vclmi.dll module in OpenOffice.org (OOo) 3.3, 3.4 Beta, and possibly earlier, and LibreOffice before 3.5.3
CVE-2012-2334
all versions
Integer overflow in filter/source/msfilter/msdffimp.cxx in OpenOffice.org (OOo) 3.3, 3.4 Beta, and possibly earlier, and LibreOffi
CVE-2012-0037
all versions
Redland Raptor (aka libraptor) before 2.0.7, as used by OpenOffice 3.3 and 3.4 Beta, LibreOffice before 3.4.6 and 3.5.x before 3.5
6.5
MEDIUM
CVE-2010-4643
>= 2.0.0 and < 3.3.0
Heap-based buffer overflow in Impress in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allows remote attackers to cause a denial of
CVE-2010-4253
>= 2.0.0 and < 3.3.0
Heap-based buffer overflow in Impress in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allows remote attackers to cause a denial of
CVE-2010-3689
>= 3.0.0 and < 3.3.0
soffice in OpenOffice.org (OOo) 3.x before 3.3 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local user
CVE-2010-3454
>= 2.0.0 and < 3.3.0
Multiple off-by-one errors in the WW8DopTypography::ReadFromMem function in oowriter in OpenOffice.org (OOo) 2.x and 3.x before 3.
CVE-2010-3453
>= 2.0.0 and < 3.3.0
The WW8ListManager::WW8ListManager function in oowriter in OpenOffice.org (OOo) 2.x and 3.x before 3.3 does not properly handle an
CVE-2010-3452
>= 2.0.0 and < 3.3.0
Use-after-free vulnerability in oowriter in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allows remote attackers to cause a denial
CVE-2010-3451
>= 2.0.0 and < 3.3.0
Use-after-free vulnerability in oowriter in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allows remote attackers to cause a denial
CVE-2010-3450
>= 2.0.0 and < 3.3.0
Multiple directory traversal vulnerabilities in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allow remote attackers to overwrite ar
CVE-2010-4494
>= 2.1.0 and <= 2.4.3
Double free vulnerability in libxml2 2.7.8 and other versions, as used in Google Chrome before 8.0.552.215 and other products, all
CVE-2010-4008
>= 2.0.0 and <= 2.4.3
libxml2 before 2.7.8, as used in Google Chrome before 7.0.517.44, Apple Safari 5.0.2 and earlier, and other products, reads from i
CVE-2010-2936
all versions
Integer overflow in simpress.bin in the Impress module in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allows remote attackers to c
CVE-2010-2935
all versions
simpress.bin in the Impress module in OpenOffice.org (OOo) 2.x and 3.x before 3.3 does not properly handle integer values associat
CVE-2010-0395
>= 2.0.0 and < 3.2.1
OpenOffice.org 2.x and 3.0 before 3.2.1 allows user-assisted remote attackers to bypass Python macro security restrictions and exe
CVE-2010-0136
all versions
OpenOffice.org (OOo) 2.0.4, 2.4.1, and 3.1.1 does not properly enforce Visual Basic for Applications (VBA) macro security settings
CVE-2009-3302
< 3.2.0
filter/ww8/ww8par2.cxx in OpenOffice.org (OOo) before 3.2 allows remote attackers to cause a denial of service (application crash)
CVE-2009-3301
< 3.2.0
Integer underflow in filter/ww8/ww8par2.cxx in OpenOffice.org (OOo) before 3.2 allows remote attackers to cause a denial of servic
CVE-2009-2950
< 3.2.0
Heap-based buffer overflow in the GIFLZWDecompressor::GIFLZWDecompressor function in filter.vcl/lgif/decode.cxx in OpenOffice.org
CVE-2009-2949
< 3.2.0
Integer overflow in the XPMReader::ReadXPM function in filter.vcl/ixpm/svt_xpmread.cxx in OpenOffice.org (OOo) before 3.2 allows r
CVE-2009-3571
all versions
Unspecified vulnerability in OpenOffice.org (OOo) has unknown impact and client-side attack vector, as demonstrated by a certain m
CVE-2009-3570
all versions
Unspecified vulnerability in OpenOffice.org (OOo) has unspecified impact and remote attack vectors, as demonstrated by a certain m
CVE-2009-3569
all versions
Stack-based buffer overflow in OpenOffice.org (OOo) allows remote attackers to execute arbitrary code via unspecified vectors, as
CVE-2009-0201
<= 3.1
Heap-based buffer overflow in OpenOffice.org (OOo) before 3.1.1 and StarOffice/StarSuite 7, 8, and 9 might allow remote attackers
CVE-2009-0200
<= 3.1
Integer underflow in OpenOffice.org (OOo) before 3.1.1 and StarOffice/StarSuite 7, 8, and 9 might allow remote attackers to execut
CVE-2009-0259
all versions
The Word processor in OpenOffice.org 1.1.2 through 1.1.5 allows remote attackers to cause a denial of service (crash) and possibly
CVE-2008-4937
all versions
senddoc in OpenOffice.org (OOo) 2.4.1 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/log.obr.#####
CVE-2008-2238
all versions
Multiple integer overflows in OpenOffice.org (OOo) 2.x before 2.4.2 allow remote attackers to execute arbitrary code via crafted E
CVE-2008-2237
all versions
Heap-based buffer overflow in OpenOffice.org (OOo) 2.x before 2.4.2 allows remote attackers to execute arbitrary code via a crafte
CVE-2008-3282
all versions
Integer overflow in the rtl_allocateMemory function in sal/rtl/source/alloc_global.c in the memory allocator in OpenOffice.org (OO
7.8
HIGH
CVE-2008-3437
all versions
OpenOffice.org (OOo) before 2.1.0 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers t
CVE-2008-2366
all versions
Untrusted search path vulnerability in a certain Red Hat build script for OpenOffice.org (OOo) 1.1.x on Red Hat Enterprise Linux (
CVE-2008-2152
all versions
Integer overflow in the rtl_allocateMemory function in sal/rtl/source/alloc_global.c in OpenOffice.org (OOo) 2.0 through 2.4 allow
CVE-2008-0320
<= 2.3.1
Heap-based buffer overflow in the OLE importer in OpenOffice.org before 2.4 allows remote attackers to cause a denial of service (
CVE-2007-5746
all versions
Integer overflow in OpenOffice.org before 2.4 allows remote attackers to cause a denial of service (crash) and possibly execute ar
CVE-2007-5745
<= 2.3.1
Multiple heap-based buffer overflows in OpenOffice.org before 2.4 allow remote attackers to cause a denial of service (crash) and
CVE-2007-4575
<= 2.3
HSQLDB before 1.8.0.9, as used in OpenOffice.org (OOo) 2 before 2.3.1, allows user-assisted remote attackers to execute arbitrary
CVE-2007-2834
< 2.3.0
Integer overflow in the TIFF parser in OpenOffice.org (OOo) before 2.3; and Sun StarOffice 6, 7, and 8 Office Suite (StarSuite); a
CVE-2007-4251
all versions
OpenOffice.org (OOo) 2.2 does not properly handle files with multiple extensions, which allows user-assisted remote attackers to c
CVE-2007-0245
<= 2.2.1
Heap-based buffer overflow in OpenOffice.org (OOo) 2.2.1 and earlier allows remote attackers to execute arbitrary code via a RTF f
CVE-2007-0239
all versions
OpenOffice.org (OOo) Office Suite allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in
CVE-2007-0238
all versions
Stack-based buffer overflow in filter\starcalc\scflt.cxx in the StarCalc parser in OpenOffice.org (OOo) Office Suite before 2.2, a
CVE-2006-5870
<= 2.0.4
Multiple integer overflows in OpenOffice.org (OOo) 2.0.4 and earlier, and possibly other versions before 2.1.0; and StarOffice 6 t
CVE-2006-6628
all versions
Integer overflow in OpenOffice.org (OOo) 2.1 allows user-assisted remote attackers to cause a denial of service (application crash
CVE-2006-3117
all versions
Heap-based buffer overflow in OpenOffice.org (aka StarOffice) 1.1.x up to 1.1.5 and 2.0.x before 2.0.3 allows user-assisted attack
CVE-2006-2199
all versions
Unspecified vulnerability in Java Applets in OpenOffice.org 1.1.x (aka StarOffice) up to 1.1.5 and 2.0.x before 2.0.3 allows user-
CVE-2006-2198
all versions
OpenOffice.org (aka StarOffice) 1.1.x up to 1.1.5 and 2.0.x before 2.0.3 allows user-assisted attackers to conduct unauthorized ac
CVE-2005-4636
all versions
OpenOffice.org 2.0 and earlier, when hyperlinks has been disabled, does not prevent the user from clicking the WWW-browser button
CVE-2005-0941
all versions
The StgCompObjStream::Load function in OpenOffice.org OpenOffice 1.1.4 and earlier allocates memory based on 16 bit length values,
CVE-2004-0752
all versions
OpenOffice (OOo) 1.1.2 creates predictable directory names with insecure permissions during startup, which may allow local users t
CVE-2002-2210
all versions
The installation of OpenOffice 1.0.1 allows local users to overwrite files and possibly gain privileges via a symlink attack on th
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin