Billion Laughs

Apache OpenOffice has a dependency on expat software. Versions prior to 2.1.0 were subject to CVE-2013-0340 a "Billion Laughs" entity expansion denial of service attack and exploit via crafted XML files. ODF files consist of a set of XML files. All versions of Apache OpenOffice up to 4.1.10 are subject to this issue. expat in version 4.1.11 is patched.

N/A

XML外部实体引用的不恰当限制(XXE)

Apache OpenOffice 代码问题漏洞

Apache OpenOffice是美国阿帕奇（Apache）基金会的一款开源的办公软件套件。该套件包含文本文档、电子表格、演示文稿、绘图、数据库等。 Apache OpenOffice存在代码问题漏洞，该漏洞源于Apache OpenOffice依赖于expat软件。Expat 2.1.0之前的版本受到CVE-2013-0340“Billion Laughs”实体扩展拒绝服务攻击，攻击者可以通过精心制作的XML文件加以利用。

N/A

N/A