Candidate: CVE-2021-33035
PublicDate: 2021-09-23 08:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33035
Description:
 Apache OpenOffice opens dBase/DBF documents and shows the contents as
 spreadsheets. DBF are database files with data organized in fields. When
 reading DBF data the size of certain fields is not checked: the data is
 just copied into local variables. A carefully crafted document could
 overflow the allocated space, leading to the execution of arbitrary code by
 altering the contents of the program stack. This issue affects Apache
 OpenOffice up to and including version 4.1.10
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H [7.8 HIGH]


Patches_libreoffice:
upstream_libreoffice: released (1:4.3.1-1)
esm-infra/xenial_libreoffice: not-affected
trusty_libreoffice: ignored (out of standard support)
xenial_libreoffice: ignored (out of standard support)
bionic_libreoffice: not-affected (1:6.0.7-0ubuntu0.18.04.10)
focal_libreoffice: not-affected
hirsute_libreoffice: not-affected
impish_libreoffice: not-affected
devel_libreoffice: not-affected