oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

CVE-2025-64406: Apache OpenOffice: Possible memory corruption during CSV import

From: Arrigo Marchiori <ardovm () apache org>
Date: Tue, 11 Nov 2025 22:38:18 +0000
Severity: important 

Affected versions:

- Apache OpenOffice through 4.1.15

Description:

An out-of-bounds Write vulnerability in Apache OpenOffice could allow an attacker to craft a document that would crash 
the program, or otherwise corrupt other memory areas.

This issue affects Apache OpenOffice: through 4.1.15.

Users are recommended to upgrade to version 4.1.16, which fixes the issue.

Credit:

Damjan Jovanovic for discovering, reporting and fixing the issue (finder)

References:

https://www.openoffice.org/security/cves/CVE-2025-64406.html
https://openoffice.apache.org/
https://www.cve.org/CVERecord?id=CVE-2025-64406
Previous By Date Next
Previous By Thread Next

Current thread: