Vulnerabilities (CVE)

Filtered by vendor Libreoffice Subscribe
Filtered by product Libreoffice
Total 60 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-9852 5 Canonical, Debian, Fedoraproject and 2 more 5 Ubuntu Linux, Debian Linux, Fedora and 2 more 2024-11-21 6.8 MEDIUM 7.8 HIGH
LibreOffice has a feature where documents can specify that pre-installed macros can be executed on various script events such as mouse-over, document-open etc. Access is intended to be restricted to scripts under the share/Scripts/python, user/Scripts/python sub-directories of the LibreOffice install. Protection was added, to address CVE-2018-16858, to avoid a directory traversal attack where scripts in arbitrary locations on the file system could be executed. However this new protection could be bypassed by a URL encoding attack. In the fixed versions, the parsed url describing the script location is correctly encoded before further processing. This issue affects: Document Foundation LibreOffice versions prior to 6.2.6.
CVE-2019-9851 5 Canonical, Debian, Fedoraproject and 2 more 5 Ubuntu Linux, Debian Linux, Fedora and 2 more 2024-11-21 7.5 HIGH 9.8 CRITICAL
LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from. Protection was added, to address CVE-2019-9848, to block calling LibreLogo from document event script handers, e.g. mouse over. However LibreOffice also has a separate feature where documents can specify that pre-installed scripts can be executed on various global script events such as document-open, etc. In the fixed versions, global script event handlers are validated equivalently to document script event handlers. This issue affects: Document Foundation LibreOffice versions prior to 6.2.6.
CVE-2019-9850 5 Canonical, Debian, Fedoraproject and 2 more 5 Ubuntu Linux, Debian Linux, Fedora and 2 more 2024-11-21 7.5 HIGH 9.8 CRITICAL
LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from. LibreOffice also has a feature where documents can specify that pre-installed scripts can be executed on various document script events such as mouse-over, etc. Protection was added, to address CVE-2019-9848, to block calling LibreLogo from script event handers. However an insufficient url validation vulnerability in LibreOffice allowed malicious to bypass that protection and again trigger calling LibreLogo from script event handlers. This issue affects: Document Foundation LibreOffice versions prior to 6.2.6.
CVE-2019-9849 5 Canonical, Debian, Fedoraproject and 2 more 5 Ubuntu Linux, Debian Linux, Fedora and 2 more 2024-11-21 4.0 MEDIUM 4.3 MEDIUM
LibreOffice has a 'stealth mode' in which only documents from locations deemed 'trusted' are allowed to retrieve remote resources. This mode is not the default mode, but can be enabled by users who want to disable LibreOffice's ability to include remote resources within a document. A flaw existed where bullet graphics were omitted from this protection prior to version 6.2.5. This issue affects: Document Foundation LibreOffice versions prior to 6.2.5.
CVE-2019-9848 5 Canonical, Debian, Fedoraproject and 2 more 5 Ubuntu Linux, Debian Linux, Fedora and 2 more 2024-11-21 7.5 HIGH 9.8 CRITICAL
LibreOffice has a feature where documents can specify that pre-installed scripts can be executed on various document events such as mouse-over, etc. LibreOffice is typically also bundled with LibreLogo, a programmable turtle vector graphics script, which can be manipulated into executing arbitrary python commands. By using the document event feature to trigger LibreLogo to execute python contained within a document a malicious document could be constructed which would execute arbitrary python commands silently without warning. In the fixed versions, LibreLogo cannot be called from a document event handler. This issue affects: Document Foundation LibreOffice versions prior to 6.2.5.
CVE-2019-9847 3 Apple, Libreoffice, Microsoft 3 Macos, Libreoffice, Windows 2024-11-21 6.8 MEDIUM 7.8 HIGH
A vulnerability in LibreOffice hyperlink processing allows an attacker to construct documents containing hyperlinks pointing to the location of an executable on the target users file system. If the hyperlink is activated by the victim the executable target is unconditionally launched. Under Windows and macOS when processing a hyperlink target explicitly activated by the user there was no judgment made on whether the target was an executable file, so such executable targets were launched unconditionally. This issue affects: All LibreOffice Windows and macOS versions prior to 6.1.6; LibreOffice Windows and macOS versions in the 6.2 series prior to 6.2.3.
CVE-2018-6871 4 Canonical, Debian, Libreoffice and 1 more 9 Ubuntu Linux, Debian Linux, Libreoffice and 6 more 2024-11-21 5.0 MEDIUM 9.8 CRITICAL
LibreOffice before 5.4.5 and 6.x before 6.0.1 allows remote attackers to read arbitrary files via =WEBSERVICE calls in a document, which use the COM.MICROSOFT.WEBSERVICE function.
CVE-2018-18688 11 Apple, Code-industry, Foxitsoftware and 8 more 16 Macos, Master Pdf Editor, Foxit Reader and 13 more 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
The Portable Document Format (PDF) specification does not provide any information regarding the concrete procedure of how to validate signatures. Consequently, an Incremental Saving vulnerability exists in multiple products. When an attacker uses the Incremental Saving feature to add pages or annotations, Body Updates are displayed to the user without any action by the signature-validation logic. This affects Foxit Reader before 9.4 and PhantomPDF before 8.3.9 and 9.x before 9.4. It also affects LibreOffice, Master PDF Editor, Nitro Pro, Nitro Reader, Nuance Power PDF Standard, PDF Editor 6 Pro, PDFelement6 Pro, PDF Studio Viewer 2018, PDF Studio Pro, Perfect PDF 10 Premium, and Perfect PDF Reader.
CVE-2018-16858 1 Libreoffice 1 Libreoffice 2024-11-21 7.5 HIGH 7.8 HIGH
It was found that libreoffice before versions 6.0.7 and 6.1.3 was vulnerable to a directory traversal attack which could be used to execute arbitrary macros bundled with a document. An attacker could craft a document, which when opened by LibreOffice, would execute a Python method from a script in any arbitrary file system location, specified relative to the LibreOffice install location.
CVE-2018-14939 1 Libreoffice 1 Libreoffice 2024-11-21 7.5 HIGH 9.8 CRITICAL
The get_app_path function in desktop/unx/source/start.c in LibreOffice through 6.0.5 mishandles the realpath function in certain environments such as FreeBSD libc, which might allow attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact if LibreOffice is automatically launched during web browsing with pathnames controlled by a remote web site.
CVE-2018-10583 5 Apache, Canonical, Debian and 2 more 7 Openoffice, Ubuntu Linux, Debian Linux and 4 more 2024-11-21 5.0 MEDIUM 7.5 HIGH
An information disclosure vulnerability occurs when LibreOffice 6.0.3 and Apache OpenOffice Writer 4.1.5 automatically process and initiate an SMB connection embedded in a malicious file, as demonstrated by xlink:href=file://192.168.0.2/test.jpg within an office:document-content element in a .odt XML document.
CVE-2018-10120 4 Canonical, Debian, Libreoffice and 1 more 6 Ubuntu Linux, Debian Linux, Libreoffice and 3 more 2024-11-21 6.8 MEDIUM 7.8 HIGH
The SwCTBWrapper::Read function in sw/source/filter/ww8/ww8toolbar.cxx in LibreOffice before 5.4.6.1 and 6.x before 6.0.2.1 does not validate a customizations index, which allows remote attackers to cause a denial of service (heap-based buffer overflow with write access) or possibly have unspecified other impact via a crafted document that contains a certain Microsoft Word record.
CVE-2018-10119 4 Canonical, Debian, Libreoffice and 1 more 6 Ubuntu Linux, Debian Linux, Libreoffice and 3 more 2024-11-21 6.8 MEDIUM 7.8 HIGH
sot/source/sdstor/stgstrms.cxx in LibreOffice before 5.4.5.1 and 6.x before 6.0.1.1 uses an incorrect integer data type in the StgSmallStrm class, which allows remote attackers to cause a denial of service (use-after-free with write access) or possibly have unspecified other impact via a crafted document that uses the structured storage ole2 wrapper file format.
CVE-2017-8358 1 Libreoffice 1 Libreoffice 2024-11-21 7.5 HIGH 9.8 CRITICAL
LibreOffice before 2017-03-17 has an out-of-bounds write caused by a heap-based buffer overflow related to the ReadJPEG function in vcl/source/filter/jpeg/jpegc.cxx.
CVE-2017-7882 1 Libreoffice 1 Libreoffice 2024-11-21 7.5 HIGH 9.8 CRITICAL
LibreOffice before 2017-03-14 has an out-of-bounds write related to the HWPFile::TagsRead function in hwpfilter/source/hwpfile.cxx.
CVE-2017-7870 1 Libreoffice 1 Libreoffice 2024-11-21 7.5 HIGH 9.8 CRITICAL
LibreOffice before 2017-01-02 has an out-of-bounds write caused by a heap-based buffer overflow related to the tools::Polygon::Insert function in tools/source/generic/poly.cxx.
CVE-2017-7856 1 Libreoffice 1 Libreoffice 2024-11-21 7.5 HIGH 9.8 CRITICAL
LibreOffice before 2017-03-11 has an out-of-bounds write caused by a heap-based buffer overflow in the SVMConverter::ImplConvertFromSVM1 function in vcl/source/gdi/svmconverter.cxx.
CVE-2017-14226 2 Libreoffice, Libwpd 2 Libreoffice, Libwpd 2024-11-21 5.0 MEDIUM 7.5 HIGH
WP1StylesListener.cpp, WP5StylesListener.cpp, and WP42StylesListener.cpp in libwpd 0.10.1 mishandle iterators, which allows remote attackers to cause a denial of service (heap-based buffer over-read in the WPXTableList class in WPXTable.cpp). This vulnerability can be triggered in LibreOffice before 5.3.7. It may lead to suffering a remote attack against a LibreOffice application.
CVE-2016-4324 3 Canonical, Debian, Libreoffice 3 Ubuntu Linux, Debian Linux, Libreoffice 2024-11-21 6.8 MEDIUM 7.8 HIGH
Use-after-free vulnerability in LibreOffice before 5.1.4 allows remote attackers to execute arbitrary code via a crafted RTF file, related to stylesheet and superscript tokens.
CVE-2016-10327 1 Libreoffice 1 Libreoffice 2024-11-21 7.5 HIGH 9.8 CRITICAL
LibreOffice before 2016-12-22 has an out-of-bounds write caused by a heap-based buffer overflow related to the EnhWMFReader::ReadEnhWMF function in vcl/source/filter/wmf/enhwmf.cxx.