Vendor
Libreoffice
Products
3
CVEs
28
Across products
95
Status
Private
Products
3- 93 CVEs
- 1 CVE
- 1 CVE
Recent CVEs
28| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2017-8358 | Cri | 0.64 | 9.8 | 0.01 | Apr 30, 2017 | LibreOffice before 2017-03-17 has an out-of-bounds write caused by a heap-based buffer overflow related to the ReadJPEG function in vcl/source/filter/jpeg/jpegc.cxx. | |
| CVE-2017-7882 | Cri | 0.64 | 9.8 | 0.01 | Apr 15, 2017 | LibreOffice before 2017-03-14 has an out-of-bounds write related to the HWPFile::TagsRead function in hwpfilter/source/hwpfile.cxx. | |
| CVE-2017-7870 | Cri | 0.64 | 9.8 | 0.01 | Apr 14, 2017 | LibreOffice before 2017-01-02 has an out-of-bounds write caused by a heap-based buffer overflow related to the tools::Polygon::Insert function in tools/source/generic/poly.cxx. | |
| CVE-2017-7856 | Cri | 0.64 | 9.8 | 0.02 | Apr 14, 2017 | LibreOffice before 2017-03-11 has an out-of-bounds write caused by a heap-based buffer overflow in the SVMConverter::ImplConvertFromSVM1 function in vcl/source/gdi/svmconverter.cxx. | |
| CVE-2016-10327 | Cri | 0.64 | 9.8 | 0.01 | Apr 14, 2017 | LibreOffice before 2016-12-22 has an out-of-bounds write caused by a heap-based buffer overflow related to the EnhWMFReader::ReadEnhWMF function in vcl/source/filter/wmf/enhwmf.cxx. | |
| CVE-2026-4430 | Hig | 0.51 | 7.8 | 0.00 | May 7, 2026 | Out-of-bounds write vulnerability in The Document Foundation LibreOffice via crafted OOXML documents with mismatched encryption salt parameters. This issue affects LibreOffice: from 26.2 before 26.2.3, from 25.8 before 25.8.7. | |
| CVE-2016-0795 | Hig | 0.51 | 7.8 | 0.01 | Feb 18, 2016 | LibreOffice before 5.0.5 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted LwpTocSuperLayout record in a LotusWordPro (lwp) document. | |
| CVE-2016-0794 | Hig | 0.51 | 7.8 | 0.00 | Feb 18, 2016 | The lwp filter in LibreOffice before 5.0.4 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted LotusWordPro (lwp) document. | |
| CVE-2017-14226 | Hig | 0.49 | 7.5 | 0.02 | Sep 9, 2017 | WP1StylesListener.cpp, WP5StylesListener.cpp, and WP42StylesListener.cpp in libwpd 0.10.1 mishandle iterators, which allows remote attackers to cause a denial of service (heap-based buffer over-read in the WPXTableList class in WPXTable.cpp). This vulnerability can be triggered in LibreOffice before 5.3.7. It may lead to suffering a remote attack against a LibreOffice application. | |
| CVE-2012-0037 | Med | 0.35 | 6.5 | 0.01 | Jun 17, 2012 | Redland Raptor (aka libraptor) before 2.0.7, as used by OpenOffice 3.3 and 3.4 Beta, LibreOffice before 3.4.6 and 3.5.x before 3.5.1, and other products, allows user-assisted remote attackers to read arbitrary files via a crafted XML external entity (XXE) declaration and reference in an RDF document. | |
| CVE-2015-5212 | 0.03 | — | 0.43 | Nov 10, 2015 | Integer underflow in LibreOffice before 4.4.5 and Apache OpenOffice before 4.1.2, when the configuration setting "Load printer settings with the document" is enabled, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via crafted PrinterSetup data in an ODF document. | ||
| CVE-2015-5214 | 0.02 | — | 0.30 | Nov 10, 2015 | LibreOffice before 4.4.6 and 5.x before 5.0.1 and Apache OpenOffice before 4.1.2 allows remote attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via an index to a non-existent bookmark in a DOC file. | ||
| CVE-2015-5213 | 0.01 | — | 0.14 | Nov 10, 2015 | Integer overflow in LibreOffice before 4.4.5 and Apache OpenOffice before 4.1.2 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a long DOC file, which triggers a buffer overflow. | ||
| CVE-2015-4551 | 0.01 | — | 0.08 | Nov 10, 2015 | LibreOffice before 4.4.5 and Apache OpenOffice before 4.1.2 uses the stored LinkUpdateMode configuration information in OpenDocument Format files and templates when handling links, which might allow remote attackers to obtain sensitive information via a crafted document, which embeds data from local files into (1) Calc or (2) Writer. | ||
| CVE-2015-1774 | 0.01 | — | 0.07 | Apr 28, 2015 | The HWP filter in LibreOffice before 4.3.7 and 4.4.x before 4.4.2 and Apache OpenOffice before 4.1.2 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted HWP document, which triggers an out-of-bounds write. | ||
| CVE-2014-3575 | 0.01 | — | 0.10 | Aug 27, 2014 | The OLE preview generation in Apache OpenOffice before 4.1.1 and OpenOffice.org (OOo) might allow remote attackers to embed arbitrary data into documents via crafted OLE objects. | ||
| CVE-2014-3524 | 0.01 | — | 0.11 | Aug 26, 2014 | Apache OpenOffice before 4.1.1 allows remote attackers to execute arbitrary commands and possibly have other unspecified impact via a crafted Calc spreadsheet. | ||
| CVE-2014-0247 | 0.01 | — | 0.07 | Jul 3, 2014 | LibreOffice 4.2.4 executes unspecified VBA macros automatically, which has unspecified impact and attack vectors, possibly related to doc/docmacromode.cxx. | ||
| CVE-2012-2334 | 0.01 | — | 0.09 | Jun 19, 2012 | Integer overflow in filter/source/msfilter/msdffimp.cxx in OpenOffice.org (OOo) 3.3, 3.4 Beta, and possibly earlier, and LibreOffice before 3.5.3, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the length of an Escher graphics record in a PowerPoint (.ppt) document, which triggers a buffer overflow. | ||
| CVE-2011-2685 | 0.01 | — | 0.14 | Jul 21, 2011 | Stack-based buffer overflow in the Lotus Word Pro import filter in LibreOffice before 3.3.3 allows remote attackers to execute arbitrary code via a crafted .lwp file. |