rpm package

opensuse/libreoffice&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/libreoffice&distro=openSUSE%20Tumbleweed

Vulnerabilities (43)

CVE	Sev	CVSS	Affected versions	Fixed in	Published	Description
CVE-2017-7870	Cri	9.8	< 7.1.5.2-3.13	7.1.5.2-3.13	Apr 14, 2017	LibreOffice before 2017-01-02 has an out-of-bounds write caused by a heap-based buffer overflow related to the tools::Polygon::Insert function in tools/source/generic/poly.cxx.
CVE-2016-10327	Cri	9.8	< 7.1.5.2-3.13	7.1.5.2-3.13	Apr 14, 2017	LibreOffice before 2016-12-22 has an out-of-bounds write caused by a heap-based buffer overflow related to the EnhWMFReader::ReadEnhWMF function in vcl/source/filter/wmf/enhwmf.cxx.
CVE-2016-4324	Hig	7.8	< 5.2.3.3-2.2	5.2.3.3-2.2	Jul 8, 2016	Use-after-free vulnerability in LibreOffice before 5.1.4 allows remote attackers to execute arbitrary code via a crafted RTF file, related to stylesheet and superscript tokens.
CVE-2016-0795	Hig	7.8	< 5.2.3.3-2.2	5.2.3.3-2.2	Feb 18, 2016	LibreOffice before 5.0.5 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted LwpTocSuperLayout record in a LotusWordPro (lwp) document.
CVE-2016-0794	Hig	7.8	< 5.2.3.3-2.2	5.2.3.3-2.2	Feb 18, 2016	The lwp filter in LibreOffice before 5.0.4 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted LotusWordPro (lwp) document.
CVE-2015-5214		—	< 5.2.3.3-2.2	5.2.3.3-2.2	Nov 10, 2015	LibreOffice before 4.4.6 and 5.x before 5.0.1 and Apache OpenOffice before 4.1.2 allows remote attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via an index to a non-existent bookmark in a DOC file.
CVE-2015-5213		—	< 5.2.3.3-2.2	5.2.3.3-2.2	Nov 10, 2015	Integer overflow in LibreOffice before 4.4.5 and Apache OpenOffice before 4.1.2 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a long DOC file, which triggers a buffer overflow.
CVE-2015-5212		—	< 5.2.3.3-2.2	5.2.3.3-2.2	Nov 10, 2015	Integer underflow in LibreOffice before 4.4.5 and Apache OpenOffice before 4.1.2, when the configuration setting "Load printer settings with the document" is enabled, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execut
CVE-2015-4551		—	< 5.2.3.3-2.2	5.2.3.3-2.2	Nov 10, 2015	LibreOffice before 4.4.5 and Apache OpenOffice before 4.1.2 uses the stored LinkUpdateMode configuration information in OpenDocument Format files and templates when handling links, which might allow remote attackers to obtain sensitive information via a crafted document, which em
CVE-2014-8147		—	< 5.2.3.3-2.2	5.2.3.3-2.2	May 25, 2015	The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) before 55.1 uses an integer data type that is inconsistent with a header file, which allows remote attackers to cause
CVE-2014-8146		—	< 5.2.3.3-2.2	5.2.3.3-2.2	May 25, 2015	The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) before 55.1 does not properly track directionally isolated pieces of text, which allows remote attackers to cause a de
CVE-2014-9093		—	< 5.2.3.3-2.2	5.2.3.3-2.2	Nov 26, 2014	LibreOffice before 4.3.5 allows remote attackers to cause a denial of service (invalid write operation and crash) and possibly execute arbitrary code via a crafted RTF file.
CVE-2014-3693		—	< 5.2.3.3-2.2	5.2.3.3-2.2	Nov 7, 2014	Use-after-free vulnerability in the socket manager of Impress Remote in LibreOffice 4.x before 4.2.7 and 4.3.x before 4.3.3 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted request to TCP port 1599.
CVE-2014-3575		—	< 5.2.3.3-2.2	5.2.3.3-2.2	Aug 27, 2014	The OLE preview generation in Apache OpenOffice before 4.1.1 and OpenOffice.org (OOo) might allow remote attackers to embed arbitrary data into documents via crafted OLE objects.
CVE-2014-3524		—	< 5.2.3.3-2.2	5.2.3.3-2.2	Aug 26, 2014	Apache OpenOffice before 4.1.1 allows remote attackers to execute arbitrary commands and possibly have other unspecified impact via a crafted Calc spreadsheet.
CVE-2014-0247		—	< 5.2.3.3-2.2	5.2.3.3-2.2	Jul 3, 2014	LibreOffice 4.2.4 executes unspecified VBA macros automatically, which has unspecified impact and attack vectors, possibly related to doc/docmacromode.cxx.
CVE-2010-2936		—	< 5.2.3.3-2.2	5.2.3.3-2.2	Aug 25, 2010	Integer overflow in simpress.bin in the Impress module in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted polygons in a PowerPoint document that triggers a heap-bas
CVE-2010-2935		—	< 5.2.3.3-2.2	5.2.3.3-2.2	Aug 25, 2010	simpress.bin in the Impress module in OpenOffice.org (OOo) 2.x and 3.x before 3.3 does not properly handle integer values associated with dictionary property items, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code v
CVE-2007-0239		—	< 7.1.5.2-3.13	7.1.5.2-3.13	Mar 21, 2007	OpenOffice.org (OOo) Office Suite allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in a prepared link in a crafted document.
CVE-2007-0238		—	< 7.1.5.2-3.13	7.1.5.2-3.13	Mar 21, 2007	Stack-based buffer overflow in filter\starcalc\scflt.cxx in the StarCalc parser in OpenOffice.org (OOo) Office Suite before 2.2, and 1.x before 1.1.5 Patch, allows user-assisted remote attackers to execute arbitrary code via a document with a long Note.

CVE-2017-7870CriApr 14, 2017
affected < 7.1.5.2-3.13fixed 7.1.5.2-3.13
LibreOffice before 2017-01-02 has an out-of-bounds write caused by a heap-based buffer overflow related to the tools::Polygon::Insert function in tools/source/generic/poly.cxx.
CVE-2016-10327CriApr 14, 2017
affected < 7.1.5.2-3.13fixed 7.1.5.2-3.13
LibreOffice before 2016-12-22 has an out-of-bounds write caused by a heap-based buffer overflow related to the EnhWMFReader::ReadEnhWMF function in vcl/source/filter/wmf/enhwmf.cxx.
CVE-2016-4324HigJul 8, 2016
affected < 5.2.3.3-2.2fixed 5.2.3.3-2.2
Use-after-free vulnerability in LibreOffice before 5.1.4 allows remote attackers to execute arbitrary code via a crafted RTF file, related to stylesheet and superscript tokens.
CVE-2016-0795HigFeb 18, 2016
affected < 5.2.3.3-2.2fixed 5.2.3.3-2.2
LibreOffice before 5.0.5 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted LwpTocSuperLayout record in a LotusWordPro (lwp) document.
CVE-2016-0794HigFeb 18, 2016
affected < 5.2.3.3-2.2fixed 5.2.3.3-2.2
The lwp filter in LibreOffice before 5.0.4 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted LotusWordPro (lwp) document.
CVE-2015-5214Nov 10, 2015
affected < 5.2.3.3-2.2fixed 5.2.3.3-2.2
LibreOffice before 4.4.6 and 5.x before 5.0.1 and Apache OpenOffice before 4.1.2 allows remote attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via an index to a non-existent bookmark in a DOC file.
CVE-2015-5213Nov 10, 2015
affected < 5.2.3.3-2.2fixed 5.2.3.3-2.2
Integer overflow in LibreOffice before 4.4.5 and Apache OpenOffice before 4.1.2 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a long DOC file, which triggers a buffer overflow.
CVE-2015-5212Nov 10, 2015
affected < 5.2.3.3-2.2fixed 5.2.3.3-2.2
Integer underflow in LibreOffice before 4.4.5 and Apache OpenOffice before 4.1.2, when the configuration setting "Load printer settings with the document" is enabled, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execut
CVE-2015-4551Nov 10, 2015
affected < 5.2.3.3-2.2fixed 5.2.3.3-2.2
LibreOffice before 4.4.5 and Apache OpenOffice before 4.1.2 uses the stored LinkUpdateMode configuration information in OpenDocument Format files and templates when handling links, which might allow remote attackers to obtain sensitive information via a crafted document, which em
CVE-2014-8147May 25, 2015
affected < 5.2.3.3-2.2fixed 5.2.3.3-2.2
The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) before 55.1 uses an integer data type that is inconsistent with a header file, which allows remote attackers to cause
CVE-2014-8146May 25, 2015
affected < 5.2.3.3-2.2fixed 5.2.3.3-2.2
The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) before 55.1 does not properly track directionally isolated pieces of text, which allows remote attackers to cause a de
CVE-2014-9093Nov 26, 2014
affected < 5.2.3.3-2.2fixed 5.2.3.3-2.2
LibreOffice before 4.3.5 allows remote attackers to cause a denial of service (invalid write operation and crash) and possibly execute arbitrary code via a crafted RTF file.
CVE-2014-3693Nov 7, 2014
affected < 5.2.3.3-2.2fixed 5.2.3.3-2.2
Use-after-free vulnerability in the socket manager of Impress Remote in LibreOffice 4.x before 4.2.7 and 4.3.x before 4.3.3 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted request to TCP port 1599.
CVE-2014-3575Aug 27, 2014
affected < 5.2.3.3-2.2fixed 5.2.3.3-2.2
The OLE preview generation in Apache OpenOffice before 4.1.1 and OpenOffice.org (OOo) might allow remote attackers to embed arbitrary data into documents via crafted OLE objects.
CVE-2014-3524Aug 26, 2014
affected < 5.2.3.3-2.2fixed 5.2.3.3-2.2
Apache OpenOffice before 4.1.1 allows remote attackers to execute arbitrary commands and possibly have other unspecified impact via a crafted Calc spreadsheet.
CVE-2014-0247Jul 3, 2014
affected < 5.2.3.3-2.2fixed 5.2.3.3-2.2
LibreOffice 4.2.4 executes unspecified VBA macros automatically, which has unspecified impact and attack vectors, possibly related to doc/docmacromode.cxx.
CVE-2010-2936Aug 25, 2010
affected < 5.2.3.3-2.2fixed 5.2.3.3-2.2
Integer overflow in simpress.bin in the Impress module in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted polygons in a PowerPoint document that triggers a heap-bas
CVE-2010-2935Aug 25, 2010
affected < 5.2.3.3-2.2fixed 5.2.3.3-2.2
simpress.bin in the Impress module in OpenOffice.org (OOo) 2.x and 3.x before 3.3 does not properly handle integer values associated with dictionary property items, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code v
CVE-2007-0239Mar 21, 2007
affected < 7.1.5.2-3.13fixed 7.1.5.2-3.13
OpenOffice.org (OOo) Office Suite allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in a prepared link in a crafted document.
CVE-2007-0238Mar 21, 2007
affected < 7.1.5.2-3.13fixed 7.1.5.2-3.13
Stack-based buffer overflow in filter\starcalc\scflt.cxx in the StarCalc parser in OpenOffice.org (OOo) Office Suite before 2.2, and 1.x before 1.1.5 Patch, allows user-assisted remote attackers to execute arbitrary code via a document with a long Note.

Page 2 of 3