QwikSec

Security Database

CVE

CWE

Training

CVE-2021-33035

Published: Sep 23, 2021

Modified: Aug 3, 2024

PUBLISHED

Description

Apache OpenOffice opens dBase/DBF documents and shows the contents as spreadsheets. DBF are database files with data organized in fields. When reading DBF data the size of certain fields is not checked: the data is just copied into local variables. A carefully crafted document could overflow the allocated space, leading to the execution of arbitrary code by altering the contents of the program stack. This issue affects Apache OpenOffice up to and including version 4.1.10

Vendor	Product	Versions
Apache Software Foundation	Apache OpenOffice	affected `Apache OpenOffice - <= 4.1.10` affected `OpenOffice.org - <= 3.4`

Weaknesses (CWE)

References

https://github.com/apache/openoffice/commit/efddaef0151af3be16078cc4d88c6bae0f911e56#diff-ea66e734dd358922aba12ad4ba39c96bdc6cbde587d07dbc63d04daa0a30e90f

x_refsource_MISC

[announce] 20211007 CVE-2021-33035: Apache OpenOffice: Buffer overflow from a crafted DBF file

mailing-list

x_refsource_MLIST

[openoffice-users] 20211007 CVE-2021-33035: Apache OpenOffice: Buffer overflow from a crafted DBF file

mailing-list

x_refsource_MLIST

[oss-security] 20211007 CVE-2021-33035: Apache OpenOffice: Buffer overflow from a crafted DBF file

mailing-list

x_refsource_MLIST

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.