PT-2021-22894 · Apache · Apache Openoffice+1
Dave Fisher · Published 2021-09-23 · Updated 2021-10-15 · CVE-2021-40439
CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Apache OpenOffice versions prior to 4.1.11
Description
Apache OpenOffice depends on the expat XML parser, and the expat it uses is vulnerable to a "Billion Laughs" entity expansion denial of service attack, which can be triggered via crafted XML files. Because ODF files consist of a set of XML files, a crafted ODF document poses this risk.
Recommendations
For versions prior to 4.1.11, update to version 4.1.11 or later, as expat in version 4.1.11 is patched.
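An added example, not part of the original advisory or of Apache OpenOffice: a Python pre-screen that opens an ODF package and flags any XML member declaring DTD entities, the prerequisite for the entity expansion described above, aborting the parse at the first declaration so nothing is expanded. The function names, the size cap and the premise that legitimate ODF members declare no entities are assumptions; the sample package is constructed.

```python
import io
import zipfile
from xml.parsers import expat

MAX_MEMBER_BYTES = 50 * 1024 * 1024  # assumed per-member size cap, tune as needed

class EntityDeclared(Exception):
    """Raised to stop parsing at the first DTD entity declaration."""

def xml_declares_entities(data: bytes) -> bool:
    """True if the XML declares any general or parameter entity in its DTD."""
    parser = expat.ParserCreate()

    def on_entity_decl(name, is_param, value, base, system_id, public_id, notation):
        raise EntityDeclared(name)  # abort before any reference gets expanded

    parser.EntityDeclHandler = on_entity_decl
    try:
        parser.Parse(data, True)
    except EntityDeclared:
        return True
    except expat.ExpatError:
        pass  # malformed XML: no declaration was seen before the error
    return False

def scan_odf(path_or_file) -> list:
    """Return names of XML members in an ODF package that should be quarantined."""
    flagged = []
    with zipfile.ZipFile(path_or_file) as odf:
        for info in odf.infolist():
            if not info.filename.lower().endswith(".xml"):
                continue
            # Oversized members are flagged without being read or parsed.
            if info.file_size > MAX_MEMBER_BYTES or xml_declares_entities(odf.read(info)):
                flagged.append(info.filename)
    return flagged

def constructed_sample() -> io.BytesIO:
    """Constructed package: one clean member, one with a single harmless entity."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("content.xml", "<doc>plain text</doc>")
        z.writestr("meta.xml", '<!DOCTYPE m [<!ENTITY a "x">]><m>&a;</m>')
        z.writestr("mimetype", "application/vnd.oasis.opendocument.text")
    buf.seek(0)
    return buf

if __name__ == "__main__":
    print(scan_odf(constructed_sample()))
```

A screen like this complements the update to 4.1.11 and does not replace it.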
Fix
DoS
XXE
Weakness Enumeration
Related Identifiers
Affected Products
Apache Openoffice
Openoffice