Question
Is the ABBYY FineReader Server 14 product affected by the OpenOffice vulnerabilities?
Answer
No, please be aware that the latest version of FineReader Server 14 (build 14.0.3.413), already has this version bundled with:
The latest release could be downloaded by the link - https://www.abbyy.com/finereader-server-downloads/
Fixed in Apache OpenOffice 4.1.11
- CVE-2021-28129: DEB packaging installed with a non-root userid and groupid
- CVE-2021-33035: Buffer overflow from a crafted DBF file
- CVE-2021-40439: "Billion Laughs" fixed in Expat >=2.4.0
- CVE-2021-41830: #1 Content Manipulation with Certificate Double Attack
- CVE-2021-41830: #2 Macro Manipulation with Certificate Double Attack
- CVE-2021-41831: #3 Timestamp Manipulation with Signature Wrapping
- CVE-2021-41832: #4 Content Manipulation with Certificate Validation Attack
https://www.openoffice.org/security/bulletin.html
Fixed in Apache OpenOffice 4.1.10
- CVE-2021-30245: Code execution in Apache OpenOffice via non-http(s) schemes in Hyperlinks
Also, you might use different office applications(LibreOffice and Microsoft office) by steps from the article "Processing Office Documents"
Comments
0 comments
Article is closed for comments.