Vulnerability Description
Apache OpenOffice opens dBase/DBF documents and shows the contents as spreadsheets. DBF are database files with data organized in fields. When reading DBF data the size of certain fields is not checked: the data is just copied into local variables. A carefully crafted document could overflow the allocated space, leading to the execution of arbitrary code by altering the contents of the program stack. This issue affects Apache OpenOffice up to and including version 4.1.10
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apache | Openoffice | <= 4.1.10 |
Related Weaknesses (CWE)
References
- http://www.openwall.com/lists/oss-security/2021/10/07/3Mailing ListPatchThird Party Advisory
- https://github.com/apache/openoffice/commit/efddaef0151af3be16078cc4d88c6bae0f91PatchThird Party Advisory
- https://lists.apache.org/thread.html/r1ab8532e11f41bc7ca057ac7e39cab25f2e1f9d5f4
- https://lists.apache.org/thread.html/r929c0c6a53cad64a1007b878342756badbb05ddd9b
- http://www.openwall.com/lists/oss-security/2021/10/07/3Mailing ListPatchThird Party Advisory
- https://github.com/apache/openoffice/commit/efddaef0151af3be16078cc4d88c6bae0f91PatchThird Party Advisory
- https://lists.apache.org/thread.html/r1ab8532e11f41bc7ca057ac7e39cab25f2e1f9d5f4
- https://lists.apache.org/thread.html/r929c0c6a53cad64a1007b878342756badbb05ddd9b
FAQ
What is CVE-2021-33035?
CVE-2021-33035 is a vulnerability with a CVSS score of 7.8 (HIGH). Apache OpenOffice opens dBase/DBF documents and shows the contents as spreadsheets. DBF are database files with data organized in fields. When reading DBF data the size of certain fields is not checke...
How severe is CVE-2021-33035?
CVE-2021-33035 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-33035?
Check the references section above for vendor advisories and patch information. Affected products include: Apache Openoffice.