Vulnerability Description
Apache OpenOffice has a dependency on expat software. Versions prior to 2.1.0 were subject to CVE-2013-0340 a "Billion Laughs" entity expansion denial of service attack and exploit via crafted XML files. ODF files consist of a set of XML files. All versions of Apache OpenOffice up to 4.1.10 are subject to this issue. expat in version 4.1.11 is patched.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apache | Openoffice | <= 4.1.10 |
Related Weaknesses (CWE)
References
- http://www.openwall.com/lists/oss-security/2021/10/07/4Mailing ListThird Party Advisory
- https://lists.apache.org/thread.html/r41eca5f4f09e74436cbb05dec450fc2bef37b5d3e9
- https://lists.apache.org/thread.html/rfb2c193360436e230b85547e85a41bea0916916f96Mailing ListVendor Advisory
- https://lists.apache.org/thread.html/rfb2c193360436e230b85547e85a41bea0916916f96Mailing ListVendor Advisory
- http://www.openwall.com/lists/oss-security/2021/10/07/4Mailing ListThird Party Advisory
- https://lists.apache.org/thread.html/r41eca5f4f09e74436cbb05dec450fc2bef37b5d3e9
- https://lists.apache.org/thread.html/rfb2c193360436e230b85547e85a41bea0916916f96Mailing ListVendor Advisory
- https://lists.apache.org/thread.html/rfb2c193360436e230b85547e85a41bea0916916f96Mailing ListVendor Advisory
FAQ
What is CVE-2021-40439?
CVE-2021-40439 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Apache OpenOffice has a dependency on expat software. Versions prior to 2.1.0 were subject to CVE-2013-0340 a "Billion Laughs" entity expansion denial of service attack and exploit via crafted XML fil...
How severe is CVE-2021-40439?
CVE-2021-40439 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-40439?
Check the references section above for vendor advisories and patch information. Affected products include: Apache Openoffice.