OpenOffice.org Security Team Bulletin

If you want to stay up to date on OpenOffice.org security announcements, please subscribe to our security-alerts mailing list.

CVE-2012-1149: OpenOffice.org integer overflow error in vclmi.dll module when allocating memory for an embedded image object
CVE-2012-2149: OpenOffice.org memory overwrite vulnerability
CVE-2012-2334: Vulnerabilities related to malformed Powerpoint files in OpenOffice.org 3.3.0

CVE-2010-2935 / CVE-2010-2936: Security Vulnerability in OpenOffice.org related to PowerPoint document processing
CVE-2010-3450: Security Vulnerability in OpenOffice.org related to Extensions and filter package files
CVE-2010-3451 / CVE-2010-3452: Security Vulnerability in OpenOffice.org related to RTF document processing
CVE-2010-3453 / CVE-2010-3454: Security Vulnerability in OpenOffice.org related to Word document processing
CVE-2010-3689: Insecure LD_LIBRARY_PATH usage in OpenOffice.org shell scripts
CVE-2010-3702 / CVE-2010-3704: Security Vulnerability in OpenOffice.org's PDF Import extension resulting from 3rd party library XPDF
CVE-2010-4008 / CVE-2010-4494: Possible Security Vulnerability in OpenOffice.org resulting from 3rd party library LIBXML2
CVE-2010-4253: Security Vulnerability in OpenOffice.org related to PNG file processing
CVE-2010-4643: Security Vulnerability in OpenOffice.org related to TGA file processing

CVE-2009-3555: OpenOffice.org 2 and 3 may be affected by the TLS/SSL Renegotiation Issue in 3rd Party Libraries
CVE-2010-0395: Security vulnerability in OpenOffice.org related to python scripting

CVE-2006-4339: Potential vulnerability from 3rd party libxml2 libraries
CVE-2009-0217: Potential vulnerability from 3rd party libxmlsec libraries
CVE-2009-2493: OpenOffice.org 3 for Windows bundles a vulnerable version of MSVC Runtime
CVE-2009-2949: Potential vulnerability related to XPM file processing
CVE-2009-2950: Potential vulnerability related to GIF file processing
CVE-2009-3301/2: Potential vulnerability related to MS-Word document processing

CVE-2009-0200 / CVE-2009-0201: Manipulated Microsoft Word files can lead to heap overflows and arbitrary code execution
CVE-2009-2414 / CVE-2009-2416: Manipulated XML documents can lead to arbitrary code execution

CVE-2009-0200 / CVE-2009-0201: Manipulated Microsoft Word files can lead to heap overflows and arbitrary code execution
CVE-2009-2414 / CVE-2009-2416: Manipulated XML documents can lead to arbitrary code execution

CVE-2008-2237: Manipulated WMF files can lead to heap overflows and arbitrary code execution
CVE-2008-2238: Manipulated EMF files can lead to heap overflows and arbitrary code execution

CVE-2008-2152: Different kinds of manipulated files may lead to heap overflows and arbitrary code execution

CVE-2007-4770/4771: Manipulated ODF text documents containing XForms can lead to heap overflows and arbitrary code execution
CVE-2007-5745/5747: Manipulated Quattro Pro files can lead to heap overflows and arbitrary code execution
CVE-2007-5746: Manipulated EMF files can lead to heap overflows and arbitrary code execution
CVE-2008-0320: Manipulated OLE files can lead to heap overflows and arbitrary code execution

CVE-2007-4575: Potential arbitrary code execution vulnerability in 3rd party module (HSQLDB)

CVE-2007-2834: Manipulated TIFF files can lead to heap overflows and arbitrary code execution

CVE-2007-2754: Integer overflow and heap-based buffer overflow vulnerability in 3rd party module (freetype)
CVE-2007-0245: Manipulated RTF files can lead to heap overflows and arbitrary code execution