VYPR
Vendor: LibreOffice

Products: 2
CVEs: 56
Across products: 58
Status: Private

Recent CVEs

  • CVE-2018-14939 (Critical), Aug 5, 2018
    risk 0.64, cvss 9.8, epss 0.02

    The get_app_path function in desktop/unx/source/start.c in LibreOffice through 6.0.5 mishandles the realpath function in certain environments such as FreeBSD libc, which might allow attackers to cause a denial of service (buffer overflow and application crash) or possibly have…

  • CVE-2017-8358 (Critical), Apr 30, 2017
    risk 0.64, cvss 9.8, epss 0.02

    LibreOffice before 2017-03-17 has an out-of-bounds write caused by a heap-based buffer overflow related to the ReadJPEG function in vcl/source/filter/jpeg/jpegc.cxx.

  • CVE-2017-7882 (Critical), Apr 15, 2017
    risk 0.64, cvss 9.8, epss 0.02

    LibreOffice before 2017-03-14 has an out-of-bounds write related to the HWPFile::TagsRead function in hwpfilter/source/hwpfile.cxx.

  • CVE-2017-7870 (Critical), Apr 14, 2017
    risk 0.64, cvss 9.8, epss 0.04

    LibreOffice before 2017-01-02 has an out-of-bounds write caused by a heap-based buffer overflow related to the tools::Polygon::Insert function in tools/source/generic/poly.cxx.

  • CVE-2017-7856 (Critical), Apr 14, 2017
    risk 0.64, cvss 9.8, epss 0.03

    LibreOffice before 2017-03-11 has an out-of-bounds write caused by a heap-based buffer overflow in the SVMConverter::ImplConvertFromSVM1 function in vcl/source/gdi/svmconverter.cxx.

  • CVE-2018-6871 (Critical), Feb 9, 2018
    risk 0.62, cvss 9.8, epss 0.23

    LibreOffice before 5.4.5 and 6.x before 6.0.1 allows remote attackers to read arbitrary files via =WEBSERVICE calls in a document, which use the COM.MICROSOFT.WEBSERVICE function.

  • CVE-2018-10583 (High), May 1, 2018
    risk 0.58, cvss 7.5, epss 0.79

    An information disclosure vulnerability occurs when LibreOffice 6.0.3 and Apache OpenOffice Writer 4.1.5 automatically process and initiate an SMB connection embedded in a malicious file, as demonstrated by xlink:href=file://192.168.0.2/test.jpg within an office:document-content…

  • CVE-2016-10327 (Critical), Apr 14, 2017
    risk 0.57, cvss 9.8, epss 0.04

    LibreOffice before 2016-12-22 has an out-of-bounds write caused by a heap-based buffer overflow related to the EnhWMFReader::ReadEnhWMF function in vcl/source/filter/wmf/enhwmf.cxx.

  • CVE-2026-4430 (High), May 7, 2026
    risk 0.51, cvss 7.8, epss 0.00

    Out-of-bounds write vulnerability in The Document Foundation LibreOffice via crafted OOXML documents with mismatched encryption salt parameters. This issue affects LibreOffice: from 26.2 before 26.2.3, from 25.8 before 25.8.7.

  • CVE-2016-4324 (High), Jul 8, 2016
    risk 0.51, cvss 7.8, epss 0.03

    Use-after-free vulnerability in LibreOffice before 5.1.4 allows remote attackers to execute arbitrary code via a crafted RTF file, related to stylesheet and superscript tokens.

  • CVE-2016-0795 (High), Feb 18, 2016
    risk 0.51, cvss 7.8, epss 0.03

    LibreOffice before 5.0.5 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted LwpTocSuperLayout record in a LotusWordPro (lwp) document.

  • CVE-2016-0794 (High), Feb 18, 2016
    risk 0.51, cvss 7.8, epss 0.03

    The lwp filter in LibreOffice before 5.0.4 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted LotusWordPro (lwp) document.

  • CVE-2017-14226 (High), Sep 9, 2017
    risk 0.49, cvss 7.5, epss 0.02

    WP1StylesListener.cpp, WP5StylesListener.cpp, and WP42StylesListener.cpp in libwpd 0.10.1 mishandle iterators, which allows remote attackers to cause a denial of service (heap-based buffer over-read in the WPXTableList class in WPXTable.cpp). This vulnerability can be triggered…

  • CVE-2018-10120 (High), Apr 16, 2018
    risk 0.44, cvss 7.8, epss 0.02

    The SwCTBWrapper::Read function in sw/source/filter/ww8/ww8toolbar.cxx in LibreOffice before 5.4.6.1 and 6.x before 6.0.2.1 does not validate a customizations index, which allows remote attackers to cause a denial of service (heap-based buffer overflow with write access) or…

  • CVE-2018-10119 (High), Apr 16, 2018
    risk 0.44, cvss 7.8, epss 0.02

    sot/source/sdstor/stgstrms.cxx in LibreOffice before 5.4.5.1 and 6.x before 6.0.1.1 uses an incorrect integer data type in the StgSmallStrm class, which allows remote attackers to cause a denial of service (use-after-free with write access) or possibly have unspecified other…

  • CVE-2012-0037 (Medium), Jun 17, 2012
    risk 0.36, cvss 6.5, epss 0.14

    Redland Raptor (aka libraptor) before 2.0.7, as used by OpenOffice 3.3 and 3.4 Beta, LibreOffice before 3.4.6 and 3.5.x before 3.5.1, and other products, allows user-assisted remote attackers to read arbitrary files via a crafted XML external entity (XXE) declaration and…

  • CVE-2026-8358 (Medium), Jun 15, 2026
    risk 0.35, cvss (not listed), epss 0.00

    LibreOffice Calc can import tracked changes from a spreadsheet document. A heap buffer overflow existed when a document reused the same change identifier for two different kinds of change. The importer then treated one change object as a different, larger type and wrote past the…

  • CVE-2026-8357 (Medium), Jun 15, 2026
    risk 0.35, cvss (not listed), epss 0.00

    LibreOffice Calc compiles cell formulas when opening a spreadsheet. A heap buffer overflow existed when compiling a very long formula made up of many opening tokens. The array that tracks nesting depth was allocated one element too small for that worst case, so such a formula…

  • CVE-2026-8356 (Medium), Jun 15, 2026
    risk 0.35, cvss (not listed), epss 0.00

    LibreOffice can import presentations in the legacy binary PPT format. A stack buffer overflow existed when importing a colour-replacement record. Two fixed-size colour tables were filled from the file, but the write position was not reset between the two passes over the record,…

  • CVE-2026-6047 (Medium), Jun 15, 2026
    risk 0.35, cvss (not listed), epss 0.00

    LibreOffice can import documents in the OOXML format (DOCX). A heap buffer overflow existed when replaying deferred parser events for a text box element. A handler object was assumed to be of one type and written to at that type's field layout, but it could be a smaller object,…