A buffer overflow vulnerability in Apache OpenOffice could be exploited to execute arbitrary code on target machines using malicious documents.

The vulnerability, tracked as CVE-2021-33035, was discovered by security researcher Eugene Lim, the bug affects OpenOffice versions up to 4.1.10, with patches deployed in the 4.1.11 beta only, meaning that most installations out there are likely vulnerable.

The security researcher Eugene Lim reported the vulnerability in May and Apache updated OpenOffice’s source code on GitHub, but has yet to make the patches available in a stable release.

Source: securityweek.com