Caolanm

**Name of the Vulnerable Software and Affected Versions** Collabora Online versions prior to 23.05.20.1 Collabora Online versions prior to 24.04.17.3 Collabora Online versions prior to 25.04.7.5 Collabora Online Development Edition versions prior to 25.04.08.2 **Description** Collabora Online is a collaborative online office suite based on LibreOffice technology. A user with view-only rights and no download privileges can obtain a local copy of a shared file. Pressing Ctrl+Shift+S initiates the file download process, bypassing access restrictions and leading to unauthorized data retrieval. **Recommendations** Update Collabora Online to version 23.05.20.1 or later. Update Collabora Online to version 24.04.17.3 or later. Update Collabora Online to version 25.04.7.5 or later. Update Collabora Online Development Edition to version 25.04.08.2 or later.

**Name of the Vulnerable Software and Affected Versions** Collabora Online versions prior to 22.05.23.1 Collabora Online versions prior to 23.05.14.1 Collabora Online versions prior to 24.04.4.3 **Description** In affected versions of Collabora Online, a collaborative online office suite based on LibreOffice, https connections from coolwsd to other hosts may incompletely verify the remote host's certificate against the full chain of trust. **Recommendations** For versions prior to 22.05.23.1, update to version 22.05.23.1 or later. For versions prior to 23.05.14.1, update to version 23.05.14.1 or later. For versions prior to 24.04.4.3, update to version 24.04.4.3 or later.

**Name of the Vulnerable Software and Affected Versions** OpenOffice.org versions prior to 2.1.0 StarOffice versions 6 through 8 **Description** The issue is related to multiple integer overflows that allow user-assisted remote attackers to execute arbitrary code. This can be achieved via crafted WMF or EMF files that trigger heap-based buffer overflows in specific files, including `wmf/winwmf.cxx` during processing of META ESCAPE records, and `wmf/enhwmf.cxx` during processing of `EMR POLYPOLYGON` and `EMR POLYPOLYGON16` records. **Recommendations** For OpenOffice.org versions prior to 2.1.0, update to version 2.1.0 or later to resolve the issue. For StarOffice versions 6 through 8, update to a version later than 8 to resolve the issue. As a temporary workaround, consider avoiding the use of WMF and EMF files in OpenOffice.org and StarOffice until a patch is available.