Is the ABBYY FineReader Server 14 product affected by the OpenOffice vulnerabilities?
No, please be aware that the latest version of FineReader Server 14 (build 18.104.22.1683), already has this version bundled with:
The latest release could be downloaded by the link - https://www.abbyy.com/finereader-server-downloads/
Fixed in Apache OpenOffice 4.1.11
- CVE-2021-28129: DEB packaging installed with a non-root userid and groupid
- CVE-2021-33035: Buffer overflow from a crafted DBF file
- CVE-2021-40439: "Billion Laughs" fixed in Expat >=2.4.0
- CVE-2021-41830: #1 Content Manipulation with Certificate Double Attack
- CVE-2021-41830: #2 Macro Manipulation with Certificate Double Attack
- CVE-2021-41831: #3 Timestamp Manipulation with Signature Wrapping
- CVE-2021-41832: #4 Content Manipulation with Certificate Validation Attack
Fixed in Apache OpenOffice 4.1.10
- CVE-2021-30245: Code execution in Apache OpenOffice via non-http(s) schemes in Hyperlinks
Also, you might use different office applications(LibreOffice and Microsoft office) by steps from the article "Processing Office Documents"
Article is closed for comments.