Description
The Impress tool in Apache OpenOffice 4.1.2 and earlier allows remote attackers to cause a denial of service (out-of-bounds read or write) or execute arbitrary code via crafted MetaActions in an (1) ODP or (2) OTP file.
References (7)
Core 7
Core References
Issue Tracking x_refsource_misc
https://bz.apache.org/ooo/show_bug.cgi?id=127045
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/92079
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1036443
Vendor Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-3046-1
Third Party Advisory x_refsource_misc
http://www.talosintelligence.com/reports/TALOS-2016-0051/
Vendor Advisory x_refsource_confirm
http://www.openoffice.org/security/cves/CVE-2016-1513.html
Third Party Advisory vendor-advisory
x_refsource_gentoo
https://security.gentoo.org/glsa/201703-01
Scores
CVSS v3
7.8
EPSS
0.0112
EPSS Percentile
78.4%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-125
CWE-787
Status
published
Products (1)
apache/openoffice
< 4.1.2
Published
Aug 05, 2016
Tracked Since
Feb 18, 2026