Libreoffice
by Libreoffice
CVEs (56)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-6472 | | | 0.00 | — | 0.00 | | Aug 5, 2024 | Certificate Validation user interface in LibreOffice allows potential vulnerability. Signed macros are scripts that have been digitally signed by the developer using a cryptographic signature. When a document with a signed macro is opened a warning is displayed by… |
| CVE-2024-5261 | | | 0.00 | — | 0.00 | | Jun 25, 2024 | Improper Certificate Validation vulnerability in LibreOffice "LibreOfficeKit" mode disables TLS certification verification LibreOfficeKit can be used for accessing LibreOffice functionality through C/C++. Typically this is used by third party components to reuse LibreOffice… |
| CVE-2024-3044 | | | 0.00 | — | 0.01 | | May 14, 2024 | Unchecked script execution in Graphic on-click binding in affected LibreOffice versions allows an attacker to create a document which without prompt will execute scripts built-into LibreOffice on clicking a graphic. Such scripts were previously deemed trusted but are now deemed… |
| CVE-2021-25631 | | | 0.00 | — | 0.04 | | May 3, 2021 | In the LibreOffice 7-1 series in versions prior to 7.1.2, and in the 7-0 series in versions prior to 7.0.5, the denylist can be circumvented by manipulating the link so it doesn't match the denylist but results in ShellExecute attempting to launch an executable type. |
| CVE-2018-18688 | | | 0.00 | — | 0.01 | | Jan 7, 2021 | The Portable Document Format (PDF) specification does not provide any information regarding the concrete procedure of how to validate signatures. Consequently, an Incremental Saving vulnerability exists in multiple products. When an attacker uses the Incremental Saving feature… |
| CVE-2020-12803 | | | 0.00 | — | 0.02 | | Jun 8, 2020 | ODF documents can contain forms to be filled out by the user. Similar to HTML forms, the contained form data can be submitted to a URI, for example, to an external web server. To create submittable forms, ODF implements the XForms W3C standard, which allows data to be submitted… |
| CVE-2020-12801 | | | 0.00 | — | 0.01 | | May 18, 2020 | If LibreOffice has an encrypted document open and crashes, that document is auto-saved encrypted. On restart, LibreOffice offers to restore the document and prompts for the password to decrypt it. If the recovery is successful, and if the file format of the recovered document… |
| CVE-2012-5639 | | | 0.00 | — | 0.06 | | Dec 20, 2019 | LibreOffice and OpenOffice automatically open embedded content |
| CVE-2019-9853 | | | 0.00 | — | 0.03 | | Sep 27, 2019 | LibreOffice documents can contain macros. The execution of those macros is controlled by the document security settings, typically execution of macros are blocked by default. A URL decoding flaw existed in how the urls to the macros within the document were processed and… |
| CVE-2019-9852 | | | 0.00 | — | 0.02 | | Aug 15, 2019 | LibreOffice has a feature where documents can specify that pre-installed macros can be executed on various script events such as mouse-over, document-open etc. Access is intended to be restricted to scripts under the share/Scripts/python, user/Scripts/python sub-directories of… |
| CVE-2019-9847 | | | 0.00 | — | 0.01 | | May 9, 2019 | A vulnerability in LibreOffice hyperlink processing allows an attacker to construct documents containing hyperlinks pointing to the location of an executable on the target users file system. If the hyperlink is activated by the victim the executable target is unconditionally… |
| CVE-2014-9093 | | | 0.00 | — | 0.04 | | Nov 26, 2014 | LibreOffice before 4.3.5 allows remote attackers to cause a denial of service (invalid write operation and crash) and possibly execute arbitrary code via a crafted RTF file. |
| CVE-2014-3693 | | | 0.00 | — | 0.05 | | Nov 7, 2014 | Use-after-free vulnerability in the socket manager of Impress Remote in LibreOffice 4.x before 4.2.7 and 4.3.x before 4.3.3 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted request to TCP port 1599. |
| CVE-2014-0247 | | | 0.00 | — | 0.04 | | Jul 3, 2014 | LibreOffice 4.2.4 executes unspecified VBA macros automatically, which has unspecified impact and attack vectors, possibly related to doc/docmacromode.cxx. |
| CVE-2012-4233 | | | 0.00 | — | 0.03 | | Nov 19, 2012 | LibreOffice 3.5.x before 3.5.7.2 and 3.6.x before 3.6.1, and OpenOffice.org (OOo), allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted (1) odt file to vcllo.dll, (2) ODG (Drawing document) file to svxcorelo.dll, (3) PolyPolygon record in… |
| CVE-2011-2713 | | | 0.00 | — | 0.03 | | Oct 21, 2011 | oowriter in OpenOffice.org 3.3.0 and LibreOffice before 3.4.3 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted DOC file that triggers an out-of-bounds read in the DOC sprm parser. |
Page 3 of 3