VYPR

Vendor CVEs

Libreoffice

All CVEs

56 total · sorted by risk
  • CVE-2018-14939CriAug 5, 2018
    risk 0.64cvss 9.8epss 0.02

    The get_app_path function in desktop/unx/source/start.c in LibreOffice through 6.0.5 mishandles the realpath function in certain environments such as FreeBSD libc, which might allow attackers to cause a denial of service (buffer overflow and application crash) or possibly have…

  • CVE-2017-8358CriApr 30, 2017
    risk 0.64cvss 9.8epss 0.02

    LibreOffice before 2017-03-17 has an out-of-bounds write caused by a heap-based buffer overflow related to the ReadJPEG function in vcl/source/filter/jpeg/jpegc.cxx.

  • CVE-2017-7882CriApr 15, 2017
    risk 0.64cvss 9.8epss 0.02

    LibreOffice before 2017-03-14 has an out-of-bounds write related to the HWPFile::TagsRead function in hwpfilter/source/hwpfile.cxx.

  • CVE-2017-7870CriApr 14, 2017
    risk 0.64cvss 9.8epss 0.04

    LibreOffice before 2017-01-02 has an out-of-bounds write caused by a heap-based buffer overflow related to the tools::Polygon::Insert function in tools/source/generic/poly.cxx.

  • CVE-2017-7856CriApr 14, 2017
    risk 0.64cvss 9.8epss 0.03

    LibreOffice before 2017-03-11 has an out-of-bounds write caused by a heap-based buffer overflow in the SVMConverter::ImplConvertFromSVM1 function in vcl/source/gdi/svmconverter.cxx.

  • CVE-2018-6871CriFeb 9, 2018
    risk 0.62cvss 9.8epss 0.23

    LibreOffice before 5.4.5 and 6.x before 6.0.1 allows remote attackers to read arbitrary files via =WEBSERVICE calls in a document, which use the COM.MICROSOFT.WEBSERVICE function.

  • CVE-2018-10583HigMay 1, 2018
    risk 0.58cvss 7.5epss 0.79

    An information disclosure vulnerability occurs when LibreOffice 6.0.3 and Apache OpenOffice Writer 4.1.5 automatically process and initiate an SMB connection embedded in a malicious file, as demonstrated by xlink:href=file://192.168.0.2/test.jpg within an office:document-content…

  • CVE-2016-10327CriApr 14, 2017
    risk 0.57cvss 9.8epss 0.04

    LibreOffice before 2016-12-22 has an out-of-bounds write caused by a heap-based buffer overflow related to the EnhWMFReader::ReadEnhWMF function in vcl/source/filter/wmf/enhwmf.cxx.

  • CVE-2026-4430HigMay 7, 2026
    risk 0.51cvss 7.8epss 0.00

    Out-of-bounds write vulnerability in The Document Foundation LibreOffice via crafted OOXML documents with mismatched encryption salt parameters. This issue affects LibreOffice: from 26.2 before 26.2.3, from 25.8 before 25.8.7.

  • CVE-2016-4324HigJul 8, 2016
    risk 0.51cvss 7.8epss 0.03

    Use-after-free vulnerability in LibreOffice before 5.1.4 allows remote attackers to execute arbitrary code via a crafted RTF file, related to stylesheet and superscript tokens.

  • CVE-2016-0795HigFeb 18, 2016
    risk 0.51cvss 7.8epss 0.03

    LibreOffice before 5.0.5 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted LwpTocSuperLayout record in a LotusWordPro (lwp) document.

  • CVE-2016-0794HigFeb 18, 2016
    risk 0.51cvss 7.8epss 0.03

    The lwp filter in LibreOffice before 5.0.4 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted LotusWordPro (lwp) document.

  • CVE-2017-14226HigSep 9, 2017
    risk 0.49cvss 7.5epss 0.02

    WP1StylesListener.cpp, WP5StylesListener.cpp, and WP42StylesListener.cpp in libwpd 0.10.1 mishandle iterators, which allows remote attackers to cause a denial of service (heap-based buffer over-read in the WPXTableList class in WPXTable.cpp). This vulnerability can be triggered…

  • CVE-2018-10120HigApr 16, 2018
    risk 0.44cvss 7.8epss 0.02

    The SwCTBWrapper::Read function in sw/source/filter/ww8/ww8toolbar.cxx in LibreOffice before 5.4.6.1 and 6.x before 6.0.2.1 does not validate a customizations index, which allows remote attackers to cause a denial of service (heap-based buffer overflow with write access) or…

  • CVE-2018-10119HigApr 16, 2018
    risk 0.44cvss 7.8epss 0.02

    sot/source/sdstor/stgstrms.cxx in LibreOffice before 5.4.5.1 and 6.x before 6.0.1.1 uses an incorrect integer data type in the StgSmallStrm class, which allows remote attackers to cause a denial of service (use-after-free with write access) or possibly have unspecified other…

  • CVE-2012-0037MedJun 17, 2012
    risk 0.36cvss 6.5epss 0.14

    Redland Raptor (aka libraptor) before 2.0.7, as used by OpenOffice 3.3 and 3.4 Beta, LibreOffice before 3.4.6 and 3.5.x before 3.5.1, and other products, allows user-assisted remote attackers to read arbitrary files via a crafted XML external entity (XXE) declaration and…

  • CVE-2026-8358MedJun 15, 2026
    risk 0.35cvss epss 0.00

    LibreOffice Calc can import tracked changes from a spreadsheet document. A heap buffer overflow existed when a document reused the same change identifier for two different kinds of change. The importer then treated one change object as a different, larger type and wrote past the…

  • CVE-2026-8357MedJun 15, 2026
    risk 0.35cvss epss 0.00

    LibreOffice Calc compiles cell formulas when opening a spreadsheet. A heap buffer overflow existed when compiling a very long formula made up of many opening tokens. The array that tracks nesting depth was allocated one element too small for that worst case, so such a formula…

  • CVE-2026-8356MedJun 15, 2026
    risk 0.35cvss epss 0.00

    LibreOffice can import presentations in the legacy binary PPT format. A stack buffer overflow existed when importing a colour-replacement record. Two fixed-size colour tables were filled from the file, but the write position was not reset between the two passes over the record,…

  • CVE-2026-6047MedJun 15, 2026
    risk 0.35cvss epss 0.00

    LibreOffice can import documents in the OOXML format (DOCX). A heap buffer overflow existed when replaying deferred parser events for a text box element. A handler object was assumed to be of one type and written to at that type's field layout, but it could be a smaller object,…

  • CVE-2026-6045MedJun 15, 2026
    risk 0.35cvss epss 0.00

    LibreOffice can import EMF+ graphics, which may be embedded in documents. A heap buffer overflow existed when importing an EMF+ gradient brush. The number of gradient blend points was read from the file and used to compute an allocation size, but that multiplication could…

  • CVE-2026-6040MedJun 15, 2026
    risk 0.35cvss epss 0.00

    A heap use-after-free existed when importing the blank-width characters of an ODF number format. A position value read from the document was not checked against the length of the format-code string, so a malformed number format could be processed against memory outside that…

  • CVE-2026-6039MedJun 15, 2026
    risk 0.35cvss epss 0.00

    LibreOffice can import drawings in the DXF format used by CAD software. A heap buffer overflow existed when importing a DXF polyline. The point count taken from the file was truncated to a 16-bit value when the point buffer was sized, while the full count was used to fill it, so…

  • CVE-2018-16858Mar 25, 2019
    risk 0.03cvss epss 0.68

    It was found that libreoffice before versions 6.0.7 and 6.1.3 was vulnerable to a directory traversal attack which could be used to execute arbitrary macros bundled with a document. An attacker could craft a document, which when opened by LibreOffice, would execute a Python…

  • CVE-2023-1183Jul 10, 2023
    risk 0.01cvss epss 0.66

    A flaw was found in the Libreoffice package. An attacker can craft an odb containing a "database/script" file with a SCRIPT command where the contents of the file could be written to a new file whose location was determined by the attacker.

  • CVE-2015-5214Nov 10, 2015
    risk 0.01cvss epss 0.10

    LibreOffice before 4.4.6 and 5.x before 5.0.1 and Apache OpenOffice before 4.1.2 allows remote attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via an index to a non-existent bookmark in a DOC file.

  • CVE-2015-5213Nov 10, 2015
    risk 0.01cvss epss 0.13

    Integer overflow in LibreOffice before 4.4.5 and Apache OpenOffice before 4.1.2 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a long DOC file, which triggers a buffer overflow.

  • CVE-2015-5212Nov 10, 2015
    risk 0.01cvss epss 0.09

    Integer underflow in LibreOffice before 4.4.5 and Apache OpenOffice before 4.1.2, when the configuration setting "Load printer settings with the document" is enabled, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly…

  • CVE-2015-4551Nov 10, 2015
    risk 0.01cvss epss 0.14

    LibreOffice before 4.4.5 and Apache OpenOffice before 4.1.2 uses the stored LinkUpdateMode configuration information in OpenDocument Format files and templates when handling links, which might allow remote attackers to obtain sensitive information via a crafted document, which…

  • CVE-2015-1774Apr 28, 2015
    risk 0.01cvss epss 0.08

    The HWP filter in LibreOffice before 4.3.7 and 4.4.x before 4.4.2 and Apache OpenOffice before 4.1.2 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted HWP document, which triggers an out-of-bounds write.

  • CVE-2014-3575Aug 27, 2014
    risk 0.01cvss epss 0.10

    The OLE preview generation in Apache OpenOffice before 4.1.1 and OpenOffice.org (OOo) might allow remote attackers to embed arbitrary data into documents via crafted OLE objects.

  • CVE-2014-3524Aug 26, 2014
    risk 0.01cvss epss 0.15

    Apache OpenOffice before 4.1.1 allows remote attackers to execute arbitrary commands and possibly have other unspecified impact via a crafted Calc spreadsheet.

  • CVE-2012-2665Aug 6, 2012
    risk 0.01cvss epss 0.07

    Multiple heap-based buffer overflows in the XML manifest encryption tag parsing functionality in OpenOffice.org and LibreOffice before 3.5.5 allow remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted Open Document Text (.odt) file with…

  • CVE-2012-1149Jun 21, 2012
    risk 0.01cvss epss 0.14

    Integer overflow in the vclmi.dll module in OpenOffice.org (OOo) 3.3, 3.4 Beta, and possibly earlier, and LibreOffice before 3.5.3, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted embedded image object,…

  • CVE-2012-2334Jun 19, 2012
    risk 0.01cvss epss 0.13

    Integer overflow in filter/source/msfilter/msdffimp.cxx in OpenOffice.org (OOo) 3.3, 3.4 Beta, and possibly earlier, and LibreOffice before 3.5.3, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the length of an Escher…

  • CVE-2011-2685Jul 21, 2011
    risk 0.01cvss epss 0.07

    Stack-based buffer overflow in the Lotus Word Pro import filter in LibreOffice before 3.3.3 allows remote attackers to execute arbitrary code via a crafted .lwp file.

  • CVE-2025-14714Dec 15, 2025
    risk 0.00cvss epss 0.00

    An Authentication Bypass vulnerability existed where the application bundled an interpreter (Python) that inherits the Transparency, Consent, and Control (TCC) permissions granted by the user to the main application bundle By executing the bundled interpreter directly the…

  • CVE-2025-2866Apr 27, 2025
    risk 0.00cvss epss 0.00

    Improper Verification of Cryptographic Signature vulnerability in LibreOffice allows PDF Signature Spoofing by Improper Validation. In the affected versions of LibreOffice a flaw in the verification code for adbe.pkcs7.sha1 signatures could cause invalid signatures to be…

  • CVE-2021-25635Mar 21, 2025
    risk 0.00cvss epss 0.00

    An Improper Certificate Validation vulnerability in LibreOffice allowed an attacker to self sign an ODF document, with a signature untrusted by the target, then modify it to change the signature algorithm to an invalid (or unknown to LibreOffice) algorithm and LibreOffice…

  • CVE-2025-1080Mar 4, 2025
    risk 0.00cvss epss 0.00

    LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. An additional scheme 'vnd.libreoffice.command' specific to LibreOffice was added. In the affected versions of LibreOffice a link in a browser using that scheme could…

  • CVE-2024-6472Aug 5, 2024
    risk 0.00cvss epss 0.00

    Certificate Validation user interface in LibreOffice allows potential vulnerability. Signed macros are scripts that have been digitally signed by the developer using a cryptographic signature. When a document with a signed macro is opened a warning is displayed by…

  • CVE-2024-5261Jun 25, 2024
    risk 0.00cvss epss 0.00

    Improper Certificate Validation vulnerability in LibreOffice "LibreOfficeKit" mode disables TLS certification verification LibreOfficeKit can be used for accessing LibreOffice functionality through C/C++. Typically this is used by third party components to reuse LibreOffice…

  • CVE-2024-3044May 14, 2024
    risk 0.00cvss epss 0.01

    Unchecked script execution in Graphic on-click binding in affected LibreOffice versions allows an attacker to create a document which without prompt will execute scripts built-into LibreOffice on clicking a graphic. Such scripts were previously deemed trusted but are now deemed…

  • CVE-2021-25631May 3, 2021
    risk 0.00cvss epss 0.04

    In the LibreOffice 7-1 series in versions prior to 7.1.2, and in the 7-0 series in versions prior to 7.0.5, the denylist can be circumvented by manipulating the link so it doesn't match the denylist but results in ShellExecute attempting to launch an executable type.

  • CVE-2018-18688Jan 7, 2021
    risk 0.00cvss epss 0.01

    The Portable Document Format (PDF) specification does not provide any information regarding the concrete procedure of how to validate signatures. Consequently, an Incremental Saving vulnerability exists in multiple products. When an attacker uses the Incremental Saving feature…

  • CVE-2020-12803Jun 8, 2020
    risk 0.00cvss epss 0.02

    ODF documents can contain forms to be filled out by the user. Similar to HTML forms, the contained form data can be submitted to a URI, for example, to an external web server. To create submittable forms, ODF implements the XForms W3C standard, which allows data to be submitted…

  • CVE-2020-12801May 18, 2020
    risk 0.00cvss epss 0.01

    If LibreOffice has an encrypted document open and crashes, that document is auto-saved encrypted. On restart, LibreOffice offers to restore the document and prompts for the password to decrypt it. If the recovery is successful, and if the file format of the recovered document…

  • CVE-2012-5639Dec 20, 2019
    risk 0.00cvss epss 0.06

    LibreOffice and OpenOffice automatically open embedded content

  • CVE-2019-9853Sep 27, 2019
    risk 0.00cvss epss 0.03

    LibreOffice documents can contain macros. The execution of those macros is controlled by the document security settings, typically execution of macros are blocked by default. A URL decoding flaw existed in how the urls to the macros within the document were processed and…

  • CVE-2019-9852Aug 15, 2019
    risk 0.00cvss epss 0.02

    LibreOffice has a feature where documents can specify that pre-installed macros can be executed on various script events such as mouse-over, document-open etc. Access is intended to be restricted to scripts under the share/Scripts/python, user/Scripts/python sub-directories of…

Page 1 of 2