This is an automated email from the ASF dual-hosted git repository.
ardovm pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/openoffice-org.git
The following commit(s) were added to refs/heads/main by this push:
new e1cfc11cae Security bulletin for the Apache OpenOffice 4.1.16 release
e1cfc11cae is described below
commit e1cfc11cae923ce9c79fb4ce0b24ceb0340ce4e1
Author: Arrigo Marchiori <[email protected]>
AuthorDate: Tue Nov 11 22:41:53 2025 +0100
Security bulletin for the Apache OpenOffice 4.1.16 release
---
content/security/bulletin.html | 12 +++++++++
content/security/cves/CVE-2025-64401.md | 45 ++++++++++++++++++++++++++++++++
content/security/cves/CVE-2025-64402.md | 43 ++++++++++++++++++++++++++++++
content/security/cves/CVE-2025-64403.md | 43 ++++++++++++++++++++++++++++++
content/security/cves/CVE-2025-64404.md | 43 ++++++++++++++++++++++++++++++
content/security/cves/CVE-2025-64405.md | 43 ++++++++++++++++++++++++++++++
content/security/cves/CVE-2025-64406.md | 42 ++++++++++++++++++++++++++++++
content/security/cves/CVE-2025-64407.md | 46 +++++++++++++++++++++++++++++++++
8 files changed, 317 insertions(+)
diff --git a/content/security/bulletin.html b/content/security/bulletin.html
index 5a0d27a403..3871338c18 100644
--- a/content/security/bulletin.html
+++ b/content/security/bulletin.html
@@ -19,6 +19,18 @@
subscribe to our <a href="alerts.html">security-alerts mailing
list</a>.</strong>
</p>
+ <h3>Fixed in Apache OpenOffice 4.1.16</h3>
+
+ <ul>
+ <li><a href="cves/CVE-2025-64401.html">CVE-2025-64401</a>: Remote
documents loaded without prompt via IFrame.</li>
+ <li><a href="cves/CVE-2025-64402.html">CVE-2025-64402</a>: Remote
documents loaded without prompt via OLE objects.</li>
+ <li><a href="cves/CVE-2025-64403.html">CVE-2025-64403</a>: Remote
documents loaded without prompt via "external data sources" in Calc.</li>
+ <li><a href="cves/CVE-2025-64404.html">CVE-2025-64404</a>: Remote
documents loaded without prompt via background and bullet images.</li>
+ <li><a href="cves/CVE-2025-64405.html">CVE-2025-64405</a>: Remote
documents loaded without prompt via DDE function.</li>
+ <li><a href="cves/CVE-2025-64406.html">CVE-2025-64406</a>: Possible memory
corruption during CSV import.</li>
+ <li><a href="cves/CVE-2025-64407.html">CVE-2025-64407</a>: URL fetching
can be used to exfiltrate arbitrary INI file values and environment
variables.</li>
+ </ul>
+
<h3>Fixed in Apache OpenOffice 4.1.15</h3>
<ul>
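Review bot: the seven new list items link to `cves/CVE-2025-6440N.html`, but the files added in this commit are `content/security/cves/CVE-2025-6440N.md`; confirm the site build renders each `.md` to the matching `.html` path before this is published, otherwise every link in the new section 404s. Also, CVE-2025-64406 is the only entry in this batch rated Important in its bulletin file while the list gives no severity at all; consider appending the severity to each item, e.g. `Possible memory corruption during CSV import (Important).`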
diff --git a/content/security/cves/CVE-2025-64401.md
b/content/security/cves/CVE-2025-64401.md
new file mode 100644
index 0000000000..27f2930524
--- /dev/null
+++ b/content/security/cves/CVE-2025-64401.md
@@ -0,0 +1,45 @@
+type=cve
+cve=CVE-2025-64401
+cvedesc=Remote documents loaded without prompt via IFrame
+cvefixed=4.1.16
+tags=weekly links, java
+status=published
+~~~~~~
+
+**Description**
+
+Apache OpenOffice documents can contain links. A missing Authorization
vulnerability in Apache OpenOffice allowed an attacker to craft a document that
would cause external links to be loaded without prompt. In the affected
versions of Apache OpenOffice, documents that used "floating frames" linked to
external files would load the contents of those frames without prompting the
user for permission to do so.
+
+This issue affects Apache OpenOffice: through 4.1.15.
+
+Users are recommended to upgrade to version 4.1.16, which fixes the issue.
+
+The LibreOffice suite reported this issue as CVE-2023-2255
+
+**Severity: Moderate**
+
+There are no known exploits of this vulnerability.
+A proof-of-concept demonstration exists.
+
+Thanks to the reporter for discovering this issue.
+
+**Vendor: The Apache Software Foundation**
+
+**Versions Affected**
+
+All Apache OpenOffice versions 4.1.15 and older are affected.
+OpenOffice.org versions may also be affected.
+
+**Mitigation**
+
+Install Apache OpenOffice 4.1.16 for the latest maintenance and cumulative
security fixes. Use the Apache OpenOffice [download
page](https://www.openoffice.org/download/).
+
+**Acknowledgements**
+
+The Apache OpenOffice Security Team would like to thank Amel Bouziane-Leblond
for discovering and reporting this issue.
+
+**Further Information**
+
+For additional information and assistance, consult the [Apache OpenOffice
Community Forums](https://forum.openoffice.org/) or make requests to the
[email protected] public mailing list.
+
+The latest information on Apache OpenOffice security bulletins can be found at
the [Bulletin Archive](https://www.openoffice.org/security/bulletin.html) page.
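Review bot: `cvedesc` says "via IFrame" while the description body only ever says "floating frames"; use one term in both places (the bulletin list copies `cvedesc`) so readers searching for either find the entry. The line `The LibreOffice suite reported this issue as CVE-2023-2255` is missing its full stop, unlike the equivalent line in CVE-2025-64407.md. The `tags=weekly links, java` line is identical in all seven new files and `java` does not describe a floating-frame link issue; check whether it is a leftover from a template.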
diff --git a/content/security/cves/CVE-2025-64402.md
b/content/security/cves/CVE-2025-64402.md
new file mode 100644
index 0000000000..0eb7b92cc8
--- /dev/null
+++ b/content/security/cves/CVE-2025-64402.md
@@ -0,0 +1,43 @@
+type=cve
+cve=CVE-2025-64402
+cvedesc=Remote documents loaded without prompt via OLE objects
+cvefixed=4.1.16
+tags=weekly links, java
+status=published
+~~~~~~
+
+**Description**
+
+Apache OpenOffice documents can contain links. A missing Authorization
vulnerability in Apache OpenOffice allowed an attacker to craft a document that
would cause external links to be loaded without prompt. In the affected
versions of Apache OpenOffice, documents that used "OLE objects" linked to
external files would load the contents of those files without prompting the
user for permission to do so.
+
+This issue affects Apache OpenOffice: through 4.1.15.
+
+Users are recommended to upgrade to version 4.1.16, which fixes the issue.
+
+**Severity: Moderate**
+
+There are no known exploits of this vulnerability.
+A proof-of-concept demonstration exists.
+
+Thanks to the reporter for discovering this issue.
+
+**Vendor: The Apache Software Foundation**
+
+**Versions Affected**
+
+All Apache OpenOffice versions 4.1.15 and older are affected.
+OpenOffice.org versions may also be affected.
+
+**Mitigation**
+
+Install Apache OpenOffice 4.1.16 for the latest maintenance and cumulative
security fixes. Use the Apache OpenOffice [download
page](https://www.openoffice.org/download/).
+
+**Acknowledgements**
+
+The Apache OpenOffice Security Team would like to thank Dawid Golunski,
Doyensec LLC for discovering and reporting this issue.
+
+**Further Information**
+
+For additional information and assistance, consult the [Apache OpenOffice
Community Forums](https://forum.openoffice.org/) or make requests to the
[email protected] public mailing list.
+
+The latest information on Apache OpenOffice security bulletins can be found at
the [Bulletin Archive](https://www.openoffice.org/security/bulletin.html) page.
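Review bot: the generic `Thanks to the reporter for discovering this issue.` under the Severity line duplicates the named Acknowledgements section a few lines below; keep one of them (this applies to all seven new files). The credit `Dawid Golunski, Doyensec LLC` reads as two separate reporters; `Dawid Golunski of Doyensec LLC` would match the style used in CVE-2025-64403.md (`Reginaldo Silva of ubercomp.com`).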
diff --git a/content/security/cves/CVE-2025-64403.md
b/content/security/cves/CVE-2025-64403.md
new file mode 100644
index 0000000000..9ed8adeeca
--- /dev/null
+++ b/content/security/cves/CVE-2025-64403.md
@@ -0,0 +1,43 @@
+type=cve
+cve=CVE-2025-64403
+cvedesc=Remote documents loaded without prompt via "external data sources" in
Calc
+cvefixed=4.1.16
+tags=weekly links, java
+status=published
+~~~~~~
+
+**Description**
+
+Apache OpenOffice Calc spreadsheet can contain links to other files, in the
form of "external data sources". A missing Authorization vulnerability in
Apache OpenOffice allowed an attacker to craft a document that would cause such
links to be loaded without prompt.
+
+This issue affects Apache OpenOffice: through 4.1.15.
+
+Users are recommended to upgrade to version 4.1.16, which fixes the issue.
+
+**Severity: Moderate**
+
+There are no known exploits of this vulnerability.
+A proof-of-concept demonstration exists.
+
+Thanks to the reporter for discovering this issue.
+
+**Vendor: The Apache Software Foundation**
+
+**Versions Affected**
+
+All Apache OpenOffice versions 4.1.15 and older are affected.
+OpenOffice.org versions may also be affected.
+
+**Mitigation**
+
+Install Apache OpenOffice 4.1.16 for the latest maintenance and cumulative
security fixes. Use the Apache OpenOffice [download
page](https://www.openoffice.org/download/).
+
+**Acknowledgements**
+
+The Apache OpenOffice Security Team would like to thank Reginaldo Silva of
ubercomp.com for discovering and reporting this issue.
+
+**Further Information**
+
+For additional information and assistance, consult the [Apache OpenOffice
Community Forums](https://forum.openoffice.org/) or make requests to the
[email protected] public mailing list.
+
+The latest information on Apache OpenOffice security bulletins can be found at
the [Bulletin Archive](https://www.openoffice.org/security/bulletin.html) page.
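Review bot: grammar in the description: `Apache OpenOffice Calc spreadsheet can contain links` should be `Apache OpenOffice Calc spreadsheets can contain links`. This entry also omits the sentence the other link-handling entries carry (`In the affected versions of Apache OpenOffice, ... would load the contents of those files without prompting the user for permission to do so.`), so it never says what an external data source actually fetches; add it for consistency.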
diff --git a/content/security/cves/CVE-2025-64404.md
b/content/security/cves/CVE-2025-64404.md
new file mode 100644
index 0000000000..40ae987ec2
--- /dev/null
+++ b/content/security/cves/CVE-2025-64404.md
@@ -0,0 +1,43 @@
+type=cve
+cve=CVE-2025-64404
+cvedesc=Remote documents loaded without prompt via background and bullet images
+cvefixed=4.1.16
+tags=weekly links, java
+status=published
+~~~~~~
+
+**Description**
+
+Apache OpenOffice documents can contain links to other files. A missing
Authorization vulnerability in Apache OpenOffice allowed an attacker to craft a
document that would cause external links to be loaded without prompt. In the
affected versions of Apache OpenOffice, documents that used background fill
images, or bullet images, linked to external files would load the contents of
those files without prompting the user for permission to do so.
+
+This issue affects Apache OpenOffice: through 4.1.15.
+
+Users are recommended to upgrade to version 4.1.16, which fixes the issue.
+
+**Severity: Moderate**
+
+There are no known exploits of this vulnerability.
+A proof-of-concept demonstration exists.
+
+Thanks to the reporter for discovering this issue.
+
+**Vendor: The Apache Software Foundation**
+
+**Versions Affected**
+
+All Apache OpenOffice versions 4.1.15 and older are affected.
+OpenOffice.org versions may also be affected.
+
+**Mitigation**
+
+Install Apache OpenOffice 4.1.16 for the latest maintenance and cumulative
security fixes. Use the Apache OpenOffice [download
page](https://www.openoffice.org/download/).
+
+**Acknowledgements**
+
+The Apache OpenOffice Security Team would like to thank Reginaldo Silva of
ubercomp.com for discovering and reporting this issue.
+
+**Further Information**
+
+For additional information and assistance, consult the [Apache OpenOffice
Community Forums](https://forum.openoffice.org/) or make requests to the
[email protected] public mailing list.
+
+The latest information on Apache OpenOffice security bulletins can be found at
the [Bulletin Archive](https://www.openoffice.org/security/bulletin.html) page.
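Review bot: the commas in `documents that used background fill images, or bullet images, linked to external files` turn `linked to external files` into an aside and make the sentence ambiguous; `documents that used background fill images or bullet images linked to external files` says what is meant.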
diff --git a/content/security/cves/CVE-2025-64405.md
b/content/security/cves/CVE-2025-64405.md
new file mode 100644
index 0000000000..b05a53a6d8
--- /dev/null
+++ b/content/security/cves/CVE-2025-64405.md
@@ -0,0 +1,43 @@
+type=cve
+cve=CVE-2025-64405
+cvedesc=Remote documents loaded without prompt via DDE function
+cvefixed=4.1.16
+tags=weekly links, java
+status=published
+~~~~~~
+
+**Description**
+
+Apache OpenOffice documents can contain links. A missing Authorization
vulnerability in Apache OpenOffice allowed an attacker to craft a document that
would cause external links to be loaded without prompt. In the affected
versions of Apache OpenOffice, Calc spreadsheet containing DDE links to
external files would load the contents of those files without prompting the
user for permission to do so.
+
+This issue affects Apache OpenOffice: through 4.1.15.
+
+Users are recommended to upgrade to version 4.1.16, which fixes the issue.
+
+**Severity: Moderate**
+
+There are no known exploits of this vulnerability.
+A proof-of-concept demonstration exists.
+
+Thanks to the reporter for discovering this issue.
+
+**Vendor: The Apache Software Foundation**
+
+**Versions Affected**
+
+All Apache OpenOffice versions 4.1.15 and older are affected.
+OpenOffice.org versions may also be affected.
+
+**Mitigation**
+
+Install Apache OpenOffice 4.1.16 for the latest maintenance and cumulative
security fixes. Use the Apache OpenOffice [download
page](https://www.openoffice.org/download/).
+
+**Acknowledgements**
+
+The Apache OpenOffice Security Team would like to thank Louis Bettels, from
Technische Universität Braunschweig, for discovering and reporting this issue.
+
+**Further Information**
+
+For additional information and assistance, consult the [Apache OpenOffice
Community Forums](https://forum.openoffice.org/) or make requests to the
[email protected] public mailing list.
+
+The latest information on Apache OpenOffice security bulletins can be found at
the [Bulletin Archive](https://www.openoffice.org/security/bulletin.html) page.
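Review bot: `Calc spreadsheet containing DDE links` should be `Calc spreadsheets containing DDE links`, and `cvedesc` says `via DDE function` while the body says `DDE links`; pick one term, since the bulletin list is built from `cvedesc`.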
diff --git a/content/security/cves/CVE-2025-64406.md
b/content/security/cves/CVE-2025-64406.md
new file mode 100644
index 0000000000..1b9651727e
--- /dev/null
+++ b/content/security/cves/CVE-2025-64406.md
@@ -0,0 +1,42 @@
+type=cve
+cve=CVE-2025-64406
+cvedesc=Possible memory corruption during CSV import
+cvefixed=4.1.16
+tags=weekly links, java
+status=published
+~~~~~~
+
+**Description**
+
+An out-of-bounds Write vulnerability in Apache OpenOffice could allow an
attacker to craft a document that would crash the program, or otherwise corrupt
other memory areas.
+
+This issue affects Apache OpenOffice: through 4.1.15.
+
+Users are recommended to upgrade to version 4.1.16, which fixes the issue.
+
+**Severity: Important**
+
+There are no known exploits of this vulnerability.
+
+Thanks to the reporter for discovering this issue.
+
+**Vendor: The Apache Software Foundation**
+
+**Versions Affected**
+
+All Apache OpenOffice versions 4.1.15 and older are affected.
+OpenOffice.org versions may also be affected.
+
+**Mitigation**
+
+Install Apache OpenOffice 4.1.16 for the latest maintenance and cumulative
security fixes. Use the Apache OpenOffice [download
page](https://www.openoffice.org/download/).
+
+**Acknowledgements**
+
+The Apache OpenOffice Security Team would like to thank Damjan Jovanovic for
discovering and reporting this issue.
+
+**Further Information**
+
+For additional information and assistance, consult the [Apache OpenOffice
Community Forums](https://forum.openoffice.org/) or make requests to the
[email protected] public mailing list.
+
+The latest information on Apache OpenOffice security bulletins can be found at
the [Bulletin Archive](https://www.openoffice.org/security/bulletin.html) page.
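Review bot: the description body never mentions CSV import, although `cvedesc` and the bulletin entry name it as the trigger; state the affected code path in the body, e.g. `An out-of-bounds write vulnerability in the CSV import code of Apache OpenOffice could allow ...`, so the entry is understandable on its own. The capitalised `Write` in `out-of-bounds Write` looks pasted from a CWE title; lowercase reads better in running text (the same goes for `Authorization` in the other six files).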
diff --git a/content/security/cves/CVE-2025-64407.md
b/content/security/cves/CVE-2025-64407.md
new file mode 100644
index 0000000000..ae7222fd77
--- /dev/null
+++ b/content/security/cves/CVE-2025-64407.md
@@ -0,0 +1,46 @@
+type=cve
+cve=CVE-2025-64407
+cvedesc=URL fetching can be used to exfiltrate arbitrary INI file values and
environment variables
+cvefixed=4.1.16
+tags=weekly links, java
+status=published
+~~~~~~
+
+**Description**
+
+Apache OpenOffice documents can contain links. A missing Authorization
vulnerability in Apache OpenOffice allowed an attacker to craft a document that
would cause external links to be loaded without prompt. Such links could also
be used to transmit system information, such as environment variables or
configuration settings.
+
+In the affected versions of Apache OpenOffice, documents that used a certain
URI scheme linking to external files would load the contents of such files
without prompting the user for permission to do so. Such URI scheme allows to
include system configuration data, that is not supposed to be transmitted
externally.
+
+This issue affects Apache OpenOffice: through 4.1.15.
+
+Users are recommended to upgrade to version 4.1.16, which fixes the issue.
+
+The LibreOffice suite reported this issue as CVE-2024-12426.
+
+**Severity: Moderate**
+
+There are no known exploits of this vulnerability.
+
+Thanks to the reporter for discovering this issue.
+
+**Vendor: The Apache Software Foundation**
+
+**Versions Affected**
+
+All Apache OpenOffice versions 4.1.15 and older are affected.
+OpenOffice.org versions may also be affected.
+
+**Mitigation**
+
+Install Apache OpenOffice 4.1.16 for the latest maintenance and cumulative
security fixes. Use the Apache OpenOffice [download
page](https://www.openoffice.org/download/).
+
+**Acknowledgements**
+
+The Apache OpenOffice Security Team would like to thank Thomas Rinsma of
Codean Labs for discovering and reporting this issue.
+
+**Further Information**
+
+For additional information and assistance, consult the [Apache OpenOffice
Community Forums](https://forum.openoffice.org/) or make requests to the
[email protected] public mailing list.
+
+The latest information on Apache OpenOffice security bulletins can be found at
the [Bulletin Archive](https://www.openoffice.org/security/bulletin.html) page.
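Review bot: grammar in the second description paragraph: `Such URI scheme allows to include system configuration data, that is not supposed to be transmitted externally.` should read `This URI scheme allows including system configuration data that is not supposed to be transmitted externally.` Since the entry already cross-references CVE-2024-12426, a link to that advisory would give readers the detail that `a certain URI scheme` withholds here.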