Latest libreoffice libreoffice Vulnerabilities

CVE-2023-6185
Improper input validation enabling arbitrary Gstreamer pipeline injection
Libreoffice Libreoffice>=7.5.0<7.5.9
Libreoffice Libreoffice>=7.6.0<7.6.3
Fedoraproject Fedora=38
Debian Debian Linux=11.0
Debian Debian Linux=12.0
redhat/LibreOffice<7.5.9
and 7 more
CVE-2023-6186
Link targets allow arbitrary script execution
Libreoffice Libreoffice>=7.5.0<7.5.9
Libreoffice Libreoffice>=7.6.0<7.6.4
Fedoraproject Fedora=38
Debian Debian Linux=11.0
Debian Debian Linux=12.0
redhat/LibreOffice<7.5.9
and 7 more
CVE-2023-2255
Remote documents loaded without prompt via IFrame
Libreoffice Libreoffice>=7.5.0<7.5.3
Libreoffice Libreoffice>=7.4.0<7.4.7
Debian Debian Linux=11.0
debian/libreoffice<=1:6.1.5-3+deb10u7
CVE-2023-0950
Array Index UnderFlow in Calc Formula Parsing
Libreoffice Libreoffice>=7.5.0<7.5.2
Libreoffice Libreoffice>=7.4.0<7.4.6
Debian Debian Linux=10.0
debian/libreoffice<=1:6.1.5-3+deb10u7
CVE-2023-1183
Arbitrary file write
redhat/libreoffice<7.4.6
redhat/libreoffice<7.5.1
Libreoffice Libreoffice=7.5.0
Libreoffice Libreoffice<7.4.6
Fedoraproject Fedora=38
Redhat Enterprise Linux=8.0
and 6 more
CVE-2022-3140
LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. An additional scheme 'vnd.libreoffice.command' specific to LibreOffice was added. In the...
Libreoffice Libreoffice>=7.3.0<7.3.6
Libreoffice Libreoffice=7.4.0
Debian Debian Linux=11.0
Fedoraproject Fedora=35
debian/libreoffice<=1:6.1.5-3+deb10u7
CVE-2022-26305
An Improper Certificate Validation vulnerability in LibreOffice existed where determining if a macro was signed by a trusted author was done by only matching the serial number and issuer string of the...
Libreoffice Libreoffice>=7.2.0<7.2.7
Libreoffice Libreoffice>=7.3.0<7.3.2
CVE-2022-26306
LibreOffice supports the storage of passwords for web connections in the user’s configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw in Libr...
Libreoffice Libreoffice>=7.2.0<7.2.7
Libreoffice Libreoffice>=7.3.0<7.3.3
Debian Debian Linux=10.0
CVE-2022-26307
LibreOffice supports the storage of passwords for web connections in the user’s configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw in Libr...
Libreoffice Libreoffice>=7.2.0<7.2.7
Libreoffice Libreoffice>=7.3.0<7.3.3
Debian Debian Linux=10.0
CVE-2021-25636
LibreOffice supports digital signatures of ODF documents and macros within documents, presenting visual aids that no alteration of the document occurred since the last signing and that the signature i...
Libreoffice Libreoffice>=7.2.0<7.2.5
Fedoraproject Fedora=34
CVE-2021-25634
LibreOffice supports digital signatures of ODF documents and macros within documents, presenting visual aids that no alteration of the document occurred since the last signing and that the signature i...
debian/libreoffice<=1:6.1.5-3+deb10u7<=1:6.1.5-3+deb10u10
Libreoffice Libreoffice>=7.0.0<7.0.6
Libreoffice Libreoffice>=7.1.0<7.1.2
Debian Debian Linux=11.0
CVE-2021-25633
LibreOffice supports digital signatures of ODF documents and macros within documents, presenting visual aids that no alteration of the document occurred since the last signing and that the signature i...
debian/libreoffice<=1:6.1.5-3+deb10u7<=1:6.1.5-3+deb10u10
Libreoffice Libreoffice>=7.0.0<7.0.6
Libreoffice Libreoffice>=7.1.0<7.1.2
Debian Debian Linux=11.0
CVE-2021-25631
In the LibreOffice 7-1 series in versions prior to 7.1.2, and in the 7-0 series in versions prior to 7.0.5, the denylist can be circumvented by manipulating the link so it doesn't match the denylist b...
Libreoffice Libreoffice>=7.0.0<7.0.5
Libreoffice Libreoffice>=7.1.0<7.1.2
CVE-2018-18688
The Portable Document Format (PDF) specification does not provide any information regarding the concrete procedure of how to validate signatures. Consequently, an Incremental Saving vulnerability exis...
Code-industry Master Pdf Editor=5.1.12
Code-industry Master Pdf Editor=5.1.68
Foxitsoftware Foxit Reader=9.4
Foxitsoftware Phantompdf>=9.0<9.4
Foxitsoftware Phantompdf=8.3.9
Gonitro Nitro Pro=11.0.3.173
and 26 more
CVE-2020-12803
XForms submissions could overwrite local files
Libreoffice Libreoffice<6.4.4
openSUSE Leap=15.1
Fedoraproject Fedora=31
CVE-2020-12802
remote graphics contained in docx format retrieved in 'stealth mode'
Libreoffice Libreoffice<6.4.4
Fedoraproject Fedora=31
openSUSE Leap=15.1
openSUSE Leap=15.2
CVE-2020-12801
Crash-recovered MSOffice encrypted documents defaulted to not to using encryption on next save
Libreoffice Libreoffice>=6.3.0<6.3.6
Libreoffice Libreoffice>=6.4.0<6.4.3
openSUSE Leap=15.1
CVE-2012-5639
Apache OpenOffice: Loading internal / external resources without warning
Libreoffice Libreoffice
Debian Debian Linux=8.0
Debian Debian Linux=9.0
Debian Debian Linux=10.0
Apache OpenOffice
debian/libreoffice<=1:6.1.5-3+deb10u7<=1:6.1.5-3+deb10u11<=1:7.0.4-4+deb11u7<=1:7.0.4-4+deb11u8<=4:7.4.7-1<=4:7.4.7-1+deb12u1<=4:24.2.0~rc2-2
CVE-2019-9853
LibreOffice documents can contain macros. The execution of those macros is controlled by the document security settings, typically execution of macros are blocked by default. A URL decoding flaw exist...
redhat/LibreOffice<6.2.6
redhat/LibreOffice<6.3.1
Libreoffice Libreoffice>=6.2.0<6.2.6
Libreoffice Libreoffice>=6.3.0<6.3.1
CVE-2019-9854
LibreOffice has a feature where documents can specify that pre-installed macros can be executed on various script events such as mouse-over, document-open etc. Access is intended to be restricted to s...
Libreoffice Libreoffice>=6.2.0<6.2.7
Libreoffice Libreoffice>=6.3.0<6.3.1
Canonical Ubuntu Linux=16.04
Canonical Ubuntu Linux=18.04
Canonical Ubuntu Linux=19.04
Debian Debian Linux=8.0
and 13 more
CVE-2019-9851
A vulnerability was found in LibreOffice prior to 6.2.6. LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands cont...
Canonical Ubuntu Linux=16.04
Canonical Ubuntu Linux=18.04
Canonical Ubuntu Linux=19.04
Debian Debian Linux=8.0
Debian Debian Linux=9.0
Debian Debian Linux=10.0
and 11 more
CVE-2019-9850
A vulnerability was found in LibreOffice prior to 6.2.6. LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands cont...
Canonical Ubuntu Linux=16.04
Canonical Ubuntu Linux=18.04
Canonical Ubuntu Linux=19.04
Debian Debian Linux=8.0
Debian Debian Linux=9.0
Debian Debian Linux=10.0
and 12 more
CVE-2019-9852
A vulnerability was found in LibreOffice prior to 6.2.6. LibreOffice has a feature where documents can specify that pre-installed macros can be executed on various script events such as mouse-over, do...
Canonical Ubuntu Linux=16.04
Canonical Ubuntu Linux=18.04
Canonical Ubuntu Linux=19.04
Debian Debian Linux=8.0
Debian Debian Linux=9.0
Debian Debian Linux=10.0
and 11 more
CVE-2019-9849
LibreOffice has a 'stealth mode' in which only documents from locations deemed 'trusted' are allowed to retrieve remote resources. This mode is not the default mode, but can be enabled by users who wa...
Libreoffice Libreoffice<6.2.5
Canonical Ubuntu Linux=16.04
Canonical Ubuntu Linux=18.04
Canonical Ubuntu Linux=19.04
Fedoraproject Fedora=29
Fedoraproject Fedora=30
and 9 more
CVE-2019-9848
LibreLogo, a programmable turtle vector graphics script, which can be manipulated into executing arbitrary python commands. By using the document event feature to trigger LibreLogo to execute python c...
Libreoffice Libreoffice<6.2.5
Canonical Ubuntu Linux=16.04
Canonical Ubuntu Linux=18.04
Canonical Ubuntu Linux=19.04
Fedoraproject Fedora=29
Fedoraproject Fedora=30
and 9 more
CVE-2018-16858
A flaw was found in libreoffice. If a document does not contain macros/scripts, but references a pre-installed macro/script execution of those macros/scripts, execution is allowed without warning bypa...
Libreoffice Libreoffice<6.0.7
Libreoffice Libreoffice>=6.1.0<6.1.3
redhat/libreoffice<6.0.7
redhat/libreoffice<6.1.3
ubuntu/libreoffice<6.0.7
ubuntu/libreoffice<1:5.1.6~
and 2 more
CVE-2018-14939
The get_app_path function in desktop/unx/source/start.c in LibreOffice through 6.0.5 mishandles the realpath function in certain environments such as FreeBSD libc, which might allow attackers to cause...
Libreoffice Libreoffice<=6.0.5

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203