Apache · Apache OpenOffice · CVE-2021-40439
**Name of the Vulnerable Software and Affected Versions**
Apache OpenOffice versions prior to 4.1.11
**Description**
Apache OpenOffice depends on the expat XML parser, which is vulnerable to a "Billion Laughs" entity expansion denial of service attack. The attack can be triggered via crafted XML files. Because ODF files consist of a set of XML files, a crafted ODF document poses this risk.
**Recommendations**
For versions prior to 4.1.11, update to version 4.1.11 or later, as expat in version 4.1.11 is patched.
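
The following Python triage check is an added example, not part of the original advisory or of Apache OpenOffice. It inspects the XML members of an ODF package for entity declarations without parsing them, so a document can be screened before it is opened on a system that has not yet been updated. The names `scan_odf` and `build_sample`, the 16 MiB per-member cap and the `.xml` member filter are assumptions of this example, and the sample documents are constructed.

```python
import io
import zipfile

MAX_MEMBER_BYTES = 16 * 1024 * 1024  # assumed per-member cap on decompressed size


def scan_odf(source):
    """Return (member, reason) findings for the XML members of an ODF package."""
    findings = []
    with zipfile.ZipFile(source) as zf:
        for info in zf.infolist():
            if not info.filename.lower().endswith(".xml"):
                continue
            # Bounded read: never inflate more than the cap (plus one byte).
            with zf.open(info) as fh:
                data = fh.read(MAX_MEMBER_BYTES + 1)
            if len(data) > MAX_MEMBER_BYTES:
                findings.append((info.filename, "oversized"))
                continue
            # Dropping NUL bytes lets one ASCII search also cover UTF-16 members.
            count = data.replace(b"\x00", b"").count(b"<!ENTITY")
            if count:
                findings.append((info.filename, f"{count} entity declaration(s)"))
    return findings


def build_sample(content_xml):
    """Build a constructed, minimal ODF-like package in memory."""
    # Constructed manifest: a DOCTYPE with no entity declarations is not flagged.
    manifest = (
        '<?xml version="1.0" encoding="UTF-8"?>\n'
        '<!DOCTYPE manifest:manifest PUBLIC '
        '"-//OpenOffice.org//DTD Manifest 1.0//EN" "Manifest.dtd">\n'
        '<manifest:manifest xmlns:manifest='
        '"urn:oasis:names:tc:opendocument:xmlns:manifest:1.0"/>\n'
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("mimetype", "application/vnd.oasis.opendocument.text")
        zf.writestr("META-INF/manifest.xml", manifest)
        zf.writestr("content.xml", content_xml)
    buf.seek(0)
    return buf


CLEAN = '<?xml version="1.0"?>\n<doc>plain text</doc>\n'
# Constructed sample: one harmless entity declaration, enough to trip the check.
FLAGGED = ('<?xml version="1.0"?>\n'
           '<!DOCTYPE doc [<!ENTITY note "sample">]>\n<doc>&note;</doc>\n')
```

The check is a byte search, so the string `<!ENTITY` inside a comment or CDATA section is also reported; treat a finding as a reason to inspect the file, not as proof of a crafted document.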