VYPR
Vendor

The Document Foundation

Products
2
CVEs
36
Across products
36
Status
Private

Products

2

Recent CVEs

36
View all 36 CVEs →
  • CVE-2019-9851CriAug 15, 2019
    risk 0.73cvss 9.8epss 0.78

    LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from. Protection was added, to address CVE-2019-9848, to block calling LibreLogo from document…

  • CVE-2019-9848CriJul 17, 2019
    risk 0.66cvss 9.8epss 0.31

    LibreOffice has a feature where documents can specify that pre-installed scripts can be executed on various document events such as mouse-over, etc. LibreOffice is typically also bundled with LibreLogo, a programmable turtle vector graphics script, which can be manipulated into…

  • CVE-2024-5261CriJun 25, 2024
    risk 0.64cvss 9.8epss 0.00

    Improper Certificate Validation vulnerability in LibreOffice "LibreOfficeKit" mode disables TLS certification verification LibreOfficeKit can be used for accessing LibreOffice functionality through C/C++. Typically this is used by third party components to reuse LibreOffice…

  • CVE-2019-9855CriSep 6, 2019
    risk 0.64cvss 9.8epss 0.03

    LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from. LibreOffice also has a feature where documents can specify that pre-installed scripts can…

  • CVE-2019-9850CriAug 15, 2019
    risk 0.64cvss 9.8epss 0.03

    LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from. LibreOffice also has a feature where documents can specify that pre-installed scripts can…

  • CVE-2021-25631HigMay 3, 2021
    risk 0.58cvss 8.8epss 0.04

    In the LibreOffice 7-1 series in versions prior to 7.1.2, and in the 7-0 series in versions prior to 7.0.5, the denylist can be circumvented by manipulating the link so it doesn't match the denylist but results in ShellExecute attempting to launch an executable type.

  • CVE-2022-26307HigJul 25, 2022
    risk 0.57cvss 8.8epss 0.01

    LibreOffice supports the storage of passwords for web connections in the user’s configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw in LibreOffice existed where master key was poorly encoded resulting in weakening…

  • CVE-2023-6186HigDec 11, 2023
    risk 0.54cvss 8.3epss 0.01

    Insufficient macro permission validation of The Document Foundation LibreOffice allows an attacker to execute built-in macros without warning. In affected versions LibreOffice supports hyperlinks with macro or similar built-in command targets that can be executed when activated…

  • CVE-2023-6185HigDec 11, 2023
    risk 0.54cvss 8.3epss 0.01

    Improper Input Validation vulnerability in GStreamer integration of The Document Foundation LibreOffice allows an attacker to execute arbitrary GStreamer plugins. In affected versions the filename of the embedded video is not sufficiently escaped when passed to GStreamer…

  • CVE-2026-4430HigMay 7, 2026
    risk 0.51cvss 7.8epss 0.00

    Out-of-bounds write vulnerability in The Document Foundation LibreOffice via crafted OOXML documents with mismatched encryption salt parameters. This issue affects LibreOffice: from 26.2 before 26.2.3, from 25.8 before 25.8.7.

  • CVE-2025-1080HigMar 4, 2025
    risk 0.51cvss 7.8epss 0.00

    LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. An additional scheme 'vnd.libreoffice.command' specific to LibreOffice was added. In the affected versions of LibreOffice a link in a browser using that scheme could…

  • CVE-2025-0514HigFeb 25, 2025
    risk 0.51cvss 7.8epss 0.00

    Improper Input Validation vulnerability in The Document Foundation LibreOffice allows Windows Executable hyperlink targets to be executed unconditionally on activation.This issue affects LibreOffice: from 24.8 before < 24.8.5.

  • CVE-2024-7788HigSep 17, 2024
    risk 0.51cvss 7.8epss 0.00

    Improper Digital Signature Invalidation  vulnerability in Zip Repair Mode of The Document Foundation LibreOffice allows Signature forgery vulnerability in LibreOfficeThis issue affects LibreOffice: from 24.2 before < 24.2.5.

  • CVE-2024-6472HigAug 5, 2024
    risk 0.51cvss 7.8epss 0.00

    Certificate Validation user interface in LibreOffice allows potential vulnerability. Signed macros are scripts that have been digitally signed by the developer using a cryptographic signature. When a document with a signed macro is opened a warning is displayed by…

  • CVE-2023-0950HigMay 25, 2023
    risk 0.51cvss 7.8epss 0.00

    Improper Validation of Array Index vulnerability in the spreadsheet component of The Document Foundation LibreOffice allows an attacker to craft a spreadsheet document that will cause an array index underflow when loaded. In the affected versions of LibreOffice certain malformed…

  • CVE-2021-25630HigFeb 23, 2021
    risk 0.51cvss 7.8epss 0.00

    "loolforkit" is a privileged program that is supposed to be run by a special, non-privileged "lool" user. Before doing anything else "loolforkit" checks, if it was invoked by the "lool" user, and refuses to run with privileges, if it's not the case. In the vulnerable version of…

  • CVE-2019-9852HigAug 15, 2019
    risk 0.51cvss 7.8epss 0.02

    LibreOffice has a feature where documents can specify that pre-installed macros can be executed on various script events such as mouse-over, document-open etc. Access is intended to be restricted to scripts under the share/Scripts/python, user/Scripts/python sub-directories of…

  • CVE-2022-26306HigJul 25, 2022
    risk 0.49cvss 7.5epss 0.01

    LibreOffice supports the storage of passwords for web connections in the user’s configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw in LibreOffice existed where the required initialization vector for encryption was…

  • CVE-2022-26305HigJul 25, 2022
    risk 0.49cvss 7.5epss 0.01

    An Improper Certificate Validation vulnerability in LibreOffice existed where determining if a macro was signed by a trusted author was done by only matching the serial number and issuer string of the used certificate with that of a trusted certificate. This is not sufficient to…

  • CVE-2021-25636HigFeb 24, 2022
    risk 0.49cvss 7.5epss 0.01

    LibreOffice supports digital signatures of ODF documents and macros within documents, presenting visual aids that no alteration of the document occurred since the last signing and that the signature is valid. An Improper Certificate Validation vulnerability in LibreOffice…