Skip to main content

Libreoffice

69 CVEs product

Monthly

CVE-2026-8358 MEDIUM PATCH This Month

Heap buffer overflow in LibreOffice Calc's tracked-changes importer allows an attacker who delivers a maliciously crafted spreadsheet to corrupt heap memory, causing high-impact availability loss and potentially enabling arbitrary code execution at the victim's privilege level. The vulnerability is triggered when a document reuses the same change identifier for two structurally different change types, causing the importer to misidentify object size and write past the allocation boundary. A proof-of-concept exists (CVSS 4.0 E:P modifier); no confirmed active exploitation (CISA KEV) has been recorded at time of analysis.

Memory Corruption Buffer Overflow Libreoffice Red Hat Suse
NVD VulDB
CVSS 4.0
5.4
EPSS
0.1%
CVE-2026-8357 MEDIUM PATCH This Month

Heap buffer overflow in LibreOffice Calc's formula compiler allows an attacker to trigger an out-of-bounds write by crafting a spreadsheet containing a formula with extreme nesting depth composed of many consecutive opening tokens. The vulnerability stems from an off-by-one allocation error in the nesting-depth tracking array, causing a single-element write past the buffer's end during file parsing. The CVSS 4.0 vector carries an E:P modifier indicating a proof-of-concept exists; no public exploit identified at time of analysis beyond the POC, and the vulnerability is not listed in CISA KEV.

Memory Corruption Buffer Overflow Libreoffice
NVD VulDB
CVSS 4.0
5.4
EPSS
0.1%
CVE-2026-8356 MEDIUM PATCH This Month

Stack buffer overflow in LibreOffice's legacy binary PPT importer allows a crafted presentation file to corrupt stack memory, causing application crash or potential arbitrary code execution under the victim's user context. The flaw affects all LibreOffice versions when importing PPT files containing a colour-replacement record whose combined colour counts across two parsing passes exceed the fixed-size stack-allocated colour tables. No public exploit has been confirmed actively exploited (not in CISA KEV), though the CVSS 4.0 supplemental E:P metric indicates proof-of-concept code exists, elevating this above a purely theoretical risk.

Memory Corruption Buffer Overflow Libreoffice Red Hat Suse
NVD VulDB
CVSS 4.0
5.4
EPSS
0.1%
CVE-2026-6047 MEDIUM PATCH This Month

Heap buffer overflow in LibreOffice's OOXML (DOCX) import component allows a specially crafted document to corrupt memory when processing text box elements, with high availability impact and limited confidentiality and integrity exposure. The flaw stems from a type confusion during deferred parser event replay: a handler object assumed to be a larger type is written to at that type's field layout, but the actual object may be smaller, causing the write to land past the end of the heap allocation. A proof-of-concept exploit exists (CVSS 4.0 E:P); no confirmed active exploitation is recorded in CISA KEV at time of analysis.

Memory Corruption Buffer Overflow Libreoffice Red Hat Suse
NVD VulDB
CVSS 4.0
5.4
EPSS
0.1%
CVE-2026-6045 MEDIUM PATCH This Month

Heap buffer overflow in LibreOffice's EMF+ graphics importer enables memory corruption when a user opens a specially crafted document containing a malicious gradient brush. The root cause is an integer overflow in the multiplication used to compute a heap allocation size from an attacker-controlled gradient blend point count - resulting in an undersized buffer that is subsequently written as if it were full-sized. A proof of concept exists (CVSS 4.0 E:P supplemental metric), no confirmed active exploitation is recorded, and impact spans process crash to potential arbitrary code execution within the LibreOffice session.

Memory Corruption Buffer Overflow Libreoffice Red Hat Suse
NVD VulDB
CVSS 4.0
5.4
EPSS
0.1%
CVE-2026-6040 MEDIUM PATCH This Month

Heap use-after-free in LibreOffice's ODF number format parser allows memory corruption when a user opens a crafted document containing a malformed number format string. The flaw arises because a position value embedded in the document is consumed without validation against the actual length of the format-code string, causing the parser to reference stale or out-of-bounds heap memory. Publicly available exploit code exists (CVSS 4.0 E:P), and while no active exploitation is confirmed via CISA KEV, the low attack complexity and document-phishing delivery model make this a realistic targeted threat.

Use After Free Memory Corruption Information Disclosure Libreoffice
NVD VulDB
CVSS 4.0
5.4
EPSS
0.1%
CVE-2026-6039 MEDIUM PATCH This Month

Heap buffer overflow in LibreOffice's DXF import engine allows a crafted CAD file to corrupt process memory when a polyline with more than 65,535 points is parsed. The root cause is an integer truncation defect: the point count read from the DXF file is narrowed to a 16-bit value when sizing the heap allocation, but the original, un-truncated count drives the subsequent write loop - any polyline exceeding 65,535 points overflows the undersized buffer. A proof-of-concept exists (CVSS 4.0 E:P), exploitation requires passive user interaction (opening a malicious DXF file), and no active exploitation has been confirmed in CISA KEV at time of analysis.

Memory Corruption Buffer Overflow Libreoffice Red Hat Suse
NVD VulDB
CVSS 4.0
5.4
EPSS
0.1%
CVE-2025-2866 LOW Monitor

Improper Verification of Cryptographic Signature vulnerability in LibreOffice allows PDF Signature Spoofing by Improper Validation. Rated low severity (CVSS 2.4), this vulnerability is low attack complexity. No vendor patch available.

Jwt Attack Information Disclosure Libreoffice
NVD
CVSS 4.0
2.4
EPSS
0.1%
CVE-2021-25635 MEDIUM PATCH This Month

An Improper Certificate Validation vulnerability in LibreOffice allowed an attacker to self sign an ODF document, with a signature untrusted by the target, then modify it to change the signature. Rated medium severity (CVSS 5.2), this vulnerability is no authentication required.

Information Disclosure Libreoffice Red Hat Suse
NVD
CVSS 4.0
5.2
EPSS
0.1%
CVE-2025-1080 HIGH PATCH This Week

LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. Rated high severity (CVSS 7.2), this vulnerability is no authentication required. No vendor patch available.

Microsoft Information Disclosure Libreoffice Debian Linux Red Hat +1
NVD
CVSS 4.0
7.2
EPSS
0.1%
CVE-2025-0514 HIGH This Week

Improper Input Validation vulnerability in The Document Foundation LibreOffice allows Windows Executable hyperlink targets to be executed unconditionally on activation.8 before < 24.8.5. Rated high severity (CVSS 7.2), this vulnerability is no authentication required. No vendor patch available.

Microsoft Information Disclosure Libreoffice Windows Red Hat
NVD
CVSS 4.0
7.2
EPSS
0.0%
CVE-2024-12426 MEDIUM PATCH This Month

Exposure of Environmental Variables and arbitrary INI file values to an Unauthorized Actor vulnerability in The Document Foundation LibreOffice. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Libreoffice Debian Linux Red Hat Suse
NVD
CVSS 4.0
6.7
EPSS
0.5%
CVE-2024-12425 LOW Monitor

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in The Document Foundation LibreOffice allows Absolute Path Traversal. Rated low severity (CVSS 2.4), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal Libreoffice Debian Linux
NVD
CVSS 4.0
2.4
EPSS
0.4%
CVE-2024-7788 HIGH This Week

Improper Digital Signature Invalidation vulnerability in Zip Repair Mode of The Document Foundation LibreOffice allows Signature forgery vulnerability in LibreOffice2 before < 24.2.5. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Jwt Attack Information Disclosure Libreoffice
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-6472 HIGH This Week

Certificate Validation user interface in LibreOffice allows potential vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Libreoffice
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-5261 CRITICAL Act Now

Improper Certificate Validation vulnerability in LibreOffice "LibreOfficeKit" mode disables TLS certification verification LibreOfficeKit can be used for accessing LibreOffice functionality through. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Libreoffice
NVD
CVSS 4.0
10.0
EPSS
0.4%
CVE-2023-6186 HIGH This Week

Insufficient macro permission validation of The Document Foundation LibreOffice allows an attacker to execute built-in macros without warning. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Libreoffice Fedora Debian Linux
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-6185 HIGH This Week

Improper Input Validation vulnerability in GStreamer integration of The Document Foundation LibreOffice allows an attacker to execute arbitrary GStreamer plugins. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Libreoffice Fedora Debian Linux
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-1183 MEDIUM PATCH This Month

A flaw was found in the Libreoffice package. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Libreoffice Fedora Enterprise Linux
NVD
CVSS 3.1
5.5
EPSS
64.6%
CVE-2023-2255 MEDIUM This Month

Improper access control in editor components of The Document Foundation LibreOffice allowed an attacker to craft a document that would cause external links to be loaded without prompt. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Libreoffice Debian Linux
NVD
CVSS 3.1
5.3
EPSS
2.2%
CVE-2023-0950 HIGH This Week

Improper Validation of Array Index vulnerability in the spreadsheet component of The Document Foundation LibreOffice allows an attacker to craft a spreadsheet document that will cause an array index. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Libreoffice Debian Linux
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-3140 MEDIUM This Month

LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Libreoffice Debian Linux Fedora
NVD
CVSS 3.1
6.3
EPSS
4.4%
CVE-2022-26307 HIGH This Week

LibreOffice supports the storage of passwords for web connections in the user’s configuration database. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Libreoffice Debian Linux
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2022-26306 HIGH This Week

LibreOffice supports the storage of passwords for web connections in the user’s configuration database. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Libreoffice Debian Linux
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-26305 HIGH This Week

An Improper Certificate Validation vulnerability in LibreOffice existed where determining if a macro was signed by a trusted author was done by only matching the serial number and issuer string of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

RCE Libreoffice
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-25634 HIGH This Week

LibreOffice supports digital signatures of ODF documents and macros within documents, presenting visual aids that no alteration of the document occurred since the last signing and that the signature. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Libreoffice Debian Linux
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2021-25633 HIGH This Week

LibreOffice supports digital signatures of ODF documents and macros within documents, presenting visual aids that no alteration of the document occurred since the last signing and that the signature. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Libreoffice Debian Linux
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2021-25631 HIGH POC This Week

In the LibreOffice 7-1 series in versions prior to 7.1.2, and in the 7-0 series in versions prior to 7.0.5, the denylist can be circumvented by manipulating the link so it doesn't match the denylist. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Libreoffice
NVD
CVSS 3.1
8.8
EPSS
4.2%
CVE-2020-12803 MEDIUM This Month

ODF documents can contain forms to be filled out by the user. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Libreoffice Leap Fedora
NVD
CVSS 3.1
6.5
EPSS
1.7%
CVE-2020-12802 MEDIUM This Month

LibreOffice has a 'stealth mode' in which only documents from locations deemed 'trusted' are allowed to retrieve remote resources. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Libreoffice Fedora Leap
NVD
CVSS 3.1
5.3
EPSS
1.9%
CVE-2020-12801 MEDIUM This Month

If LibreOffice has an encrypted document open and crashes, that document is auto-saved encrypted. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Libreoffice Leap
NVD
CVSS 3.1
5.3
EPSS
1.3%
CVE-2019-9853 HIGH This Week

LibreOffice documents can contain macros. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Libreoffice
NVD
CVSS 3.1
7.8
EPSS
3.2%
CVE-2019-9855 CRITICAL Act Now

LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Python Information Disclosure Libreoffice Leap
NVD
CVSS 3.1
9.8
EPSS
2.6%
CVE-2019-9854 HIGH This Week

LibreOffice has a feature where documents can specify that pre-installed macros can be executed on various script events such as mouse-over, document-open etc. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Path Traversal Python Libreoffice Ubuntu Linux Debian Linux +3
NVD
CVSS 3.1
7.8
EPSS
1.9%
CVE-2019-9852 HIGH PATCH This Week

LibreOffice has a feature where documents can specify that pre-installed macros can be executed on various script events such as mouse-over, document-open etc. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Path Traversal Python Ubuntu Linux Debian Linux Fedora +2
NVD
CVSS 3.1
7.8
EPSS
1.9%
CVE-2019-9851 CRITICAL POC THREAT Emergency

LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Information Disclosure Ubuntu Linux Debian Linux Fedora +2
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
78.3%
CVE-2019-9850 CRITICAL Act Now

LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Python Ubuntu Linux Debian Linux Fedora +2
NVD
CVSS 3.1
9.8
EPSS
3.4%
CVE-2019-9849 MEDIUM This Month

LibreOffice has a 'stealth mode' in which only documents from locations deemed 'trusted' are allowed to retrieve remote resources. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Libreoffice Ubuntu Linux Fedora Debian Linux +1
NVD
CVSS 3.1
4.3
EPSS
3.1%
CVE-2019-9848 CRITICAL Act Now

LibreOffice has a feature where documents can specify that pre-installed scripts can be executed on various document events such as mouse-over, etc. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Python RCE Libreoffice Ubuntu Linux +3
NVD
CVSS 3.1
9.8
EPSS
31.2%
CVE-2019-9847 HIGH This Week

A vulnerability in LibreOffice hyperlink processing allows an attacker to construct documents containing hyperlinks pointing to the location of an executable on the target users file system. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Apple Information Disclosure Libreoffice
NVD
CVSS 3.0
7.8
EPSS
1.0%
CVE-2018-14939 CRITICAL Act Now

The get_app_path function in desktop/unx/source/start.c in LibreOffice through 6.0.5 mishandles the realpath function in certain environments such as FreeBSD libc, which might allow attackers to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Libreoffice
NVD
CVSS 3.0
9.8
EPSS
2.2%
CVE-2018-10583 HIGH POC THREAT This Week

An information disclosure vulnerability occurs when LibreOffice 6.0.3 and Apache OpenOffice Writer 4.1.5 automatically process and initiate an SMB connection embedded in a malicious file, as. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Apache Information Disclosure Libreoffice Openoffice +5
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
78.7%
CVE-2018-10120 HIGH PATCH This Week

The SwCTBWrapper::Read function in sw/source/filter/ww8/ww8toolbar.cxx in LibreOffice before 5.4.6.1 and 6.x before 6.0.2.1 does not validate a customizations index, which allows remote attackers to. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft Denial Of Service Buffer Overflow Debian Linux Libreoffice +4
NVD
CVSS 3.0
7.8
EPSS
2.1%
CVE-2018-10119 HIGH PATCH This Week

sot/source/sdstor/stgstrms.cxx in LibreOffice before 5.4.5.1 and 6.x before 6.0.1.1 uses an incorrect integer data type in the StgSmallStrm class, which allows remote attackers to cause a denial of. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Denial Of Service Use After Free Libreoffice Debian Linux +4
NVD
CVSS 3.0
7.8
EPSS
2.0%
CVE-2018-6871 CRITICAL POC PATCH THREAT Act Now

LibreOffice before 5.4.5 and 6.x before 6.0.1 allows remote attackers to read arbitrary files via =WEBSERVICE calls in a document, which use the COM.MICROSOFT.WEBSERVICE function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Microsoft Information Disclosure Libreoffice Debian Linux Ubuntu Linux +6
NVD GitHub Exploit-DB
CVSS 3.0
9.8
EPSS
23.2%
CVE-2017-14226 HIGH PATCH This Week

WP1StylesListener.cpp, WP5StylesListener.cpp, and WP42StylesListener.cpp in libwpd 0.10.1 mishandle iterators, which allows remote attackers to cause a denial of service (heap-based buffer over-read. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Denial Of Service Information Disclosure Libreoffice Libwpd
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2017-8358 CRITICAL PATCH Act Now

LibreOffice before 2017-03-17 has an out-of-bounds write caused by a heap-based buffer overflow related to the ReadJPEG function in vcl/source/filter/jpeg/jpegc.cxx. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Libreoffice
NVD GitHub
CVSS 3.0
9.8
EPSS
0.5%
CVE-2017-7882 CRITICAL PATCH Act Now

LibreOffice before 2017-03-14 has an out-of-bounds write related to the HWPFile::TagsRead function in hwpfilter/source/hwpfile.cxx. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Memory Corruption Libreoffice
NVD GitHub
CVSS 3.0
9.8
EPSS
1.2%
CVE-2017-7870 CRITICAL PATCH Act Now

LibreOffice before 2017-01-02 has an out-of-bounds write caused by a heap-based buffer overflow related to the tools::Polygon::Insert function in tools/source/generic/poly.cxx. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Memory Corruption Libreoffice
NVD GitHub
CVSS 3.0
9.8
EPSS
1.3%
CVE-2017-7856 CRITICAL PATCH Act Now

LibreOffice before 2017-03-11 has an out-of-bounds write caused by a heap-based buffer overflow in the SVMConverter::ImplConvertFromSVM1 function in vcl/source/gdi/svmconverter.cxx. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Memory Corruption Libreoffice
NVD GitHub
CVSS 3.0
9.8
EPSS
1.8%
CVE-2016-10327 CRITICAL PATCH Act Now

LibreOffice before 2016-12-22 has an out-of-bounds write caused by a heap-based buffer overflow related to the EnhWMFReader::ReadEnhWMF function in vcl/source/filter/wmf/enhwmf.cxx. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Memory Corruption Libreoffice
NVD GitHub
CVSS 3.0
9.8
EPSS
0.6%
CVE-2016-4324 HIGH This Week

Use-after-free vulnerability in LibreOffice before 5.1.4 allows remote attackers to execute arbitrary code via a crafted RTF file, related to stylesheet and superscript tokens. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Debian Linux Libreoffice Ubuntu Linux
NVD
CVSS 3.0
7.8
EPSS
0.7%
CVE-2016-0795 HIGH This Week

LibreOffice before 5.0.5 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted LwpTocSuperLayout record in a LotusWordPro. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Libreoffice Ubuntu Linux
NVD
CVSS 3.0
7.8
EPSS
0.5%
CVE-2016-0794 HIGH This Week

The lwp filter in LibreOffice before 5.0.4 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted LotusWordPro (lwp) document. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Libreoffice Ubuntu Linux
NVD
CVSS 3.0
7.8
EPSS
0.5%
CVE-2015-5214 MEDIUM This Month

LibreOffice before 4.4.6 and 5.x before 5.0.1 and Apache OpenOffice before 4.1.2 allows remote attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Epss exploitation probability 35.6% and no vendor patch available.

Denial Of Service RCE Buffer Overflow Apache Ubuntu Linux +3
NVD
CVSS 2.0
6.8
EPSS
35.6%
CVE-2015-5213 MEDIUM This Month

Integer overflow in LibreOffice before 4.4.5 and Apache OpenOffice before 4.1.2 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Epss exploitation probability 22.8% and no vendor patch available.

Denial Of Service RCE Buffer Overflow Apache Ubuntu Linux +3
NVD
CVSS 2.0
6.8
EPSS
22.8%
CVE-2015-5212 MEDIUM This Month

Integer underflow in LibreOffice before 4.4.5 and Apache OpenOffice before 4.1.2, when the configuration setting "Load printer settings with the document" is enabled, allows remote attackers to cause. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Epss exploitation probability 49.6% and no vendor patch available.

Integer Overflow Denial Of Service Buffer Overflow RCE Apache +4
NVD
CVSS 2.0
6.8
EPSS
49.6%
CVE-2015-4551 MEDIUM This Month

LibreOffice before 4.4.5 and Apache OpenOffice before 4.1.2 uses the stored LinkUpdateMode configuration information in OpenDocument Format files and templates when handling links, which might allow. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Apache Libreoffice Ubuntu Linux Debian Linux +1
NVD
CVSS 2.0
4.3
EPSS
9.6%
CVE-2015-1774 MEDIUM This Month

The HWP filter in LibreOffice before 4.3.7 and 4.4.x before 4.4.2 and Apache OpenOffice before 4.1.2 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow RCE Apache +8
NVD
CVSS 2.0
6.8
EPSS
9.7%
CVE-2014-9093 HIGH This Week

LibreOffice before 4.3.5 allows remote attackers to cause a denial of service (invalid write operation and crash) and possibly execute arbitrary code via a crafted RTF file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Denial Of Service Libreoffice Fedora Ubuntu Linux +1
NVD
CVSS 2.0
7.5
EPSS
3.3%
CVE-2014-3693 HIGH PATCH This Week

Use-after-free vulnerability in the socket manager of Impress Remote in LibreOffice 4.x before 4.2.7 and 4.3.x before 4.3.3 allows remote attackers to cause a denial of service (crash) or possibly. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

RCE Denial Of Service Enterprise Linux Desktop Enterprise Linux Server Enterprise Linux Workstation +3
NVD
CVSS 2.0
7.5
EPSS
4.3%
CVE-2014-3575 MEDIUM This Month

The OLE preview generation in Apache OpenOffice before 4.1.1 and OpenOffice.org (OOo) might allow remote attackers to embed arbitrary data into documents via crafted OLE objects. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Apache Enterprise Linux Desktop Enterprise Linux Server Enterprise Linux Workstation +2
NVD
CVSS 2.0
4.3
EPSS
9.9%
CVE-2014-3524 CRITICAL Act Now

Apache OpenOffice before 4.1.1 allows remote attackers to execute arbitrary commands and possibly have other unspecified impact via a crafted Calc spreadsheet. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 10.7% and no vendor patch available.

Command Injection Apache Openoffice Libreoffice
NVD
CVSS 2.0
9.3
EPSS
10.7%
CVE-2014-0247 CRITICAL Act Now

LibreOffice 4.2.4 executes unspecified VBA macros automatically, which has unspecified impact and attack vectors, possibly related to doc/docmacromode.cxx. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Fedora Enterprise Linux Desktop Enterprise Linux Server Enterprise Linux Workstation +3
NVD
CVSS 2.0
10.0
EPSS
6.6%
CVE-2012-4233 MEDIUM This Month

LibreOffice 3.5.x before 3.5.7.2 and 3.6.x before 3.6.1, and OpenOffice.org (OOo), allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted (1) odt file to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Libreoffice Openoffice Org
NVD
CVSS 2.0
4.3
EPSS
2.5%
CVE-2012-2665 HIGH This Week

Multiple heap-based buffer overflows in the XML manifest encryption tag parsing functionality in OpenOffice.org and LibreOffice before 3.5.5 allow remote attackers to cause a denial of service and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Memory Corruption RCE Openoffice +10
NVD
CVSS 2.0
7.5
EPSS
5.0%
CVE-2012-1149 HIGH PATCH This Week

Integer overflow in the vclmi.dll module in OpenOffice.org (OOo) 3.3, 3.4 Beta, and possibly earlier, and LibreOffice before 3.5.3, allows remote attackers to cause a denial of service (application. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Buffer Overflow Denial Of Service RCE Libreoffice Debian Linux +8
NVD
CVSS 2.0
7.5
EPSS
1.2%
CVE-2012-2334 MEDIUM POC This Month

Integer overflow in filter/source/msfilter/msdffimp.cxx in OpenOffice.org (OOo) 3.3, 3.4 Beta, and possibly earlier, and LibreOffice before 3.5.3, allows remote attackers to cause a denial of service. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service RCE Openoffice Org Libreoffice
NVD
CVSS 2.0
6.8
EPSS
8.5%
CVE-2012-0037 MEDIUM POC PATCH This Month

Redland Raptor (aka libraptor) before 2.0.7, as used by OpenOffice 3.3 and 3.4 Beta, LibreOffice before 3.4.6 and 3.5.x before 3.5.1, and other products, allows user-assisted remote attackers to read. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XXE Raptor Libreoffice Openoffice Fedora +9
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Heap buffer overflow in LibreOffice Calc's tracked-changes importer allows an attacker who delivers a maliciously crafted spreadsheet to corrupt heap memory, causing high-impact availability loss and potentially enabling arbitrary code execution at the victim's privilege level. The vulnerability is triggered when a document reuses the same change identifier for two structurally different change types, causing the importer to misidentify object size and write past the allocation boundary. A proof-of-concept exists (CVSS 4.0 E:P modifier); no confirmed active exploitation (CISA KEV) has been recorded at time of analysis.

Memory Corruption Buffer Overflow Libreoffice +2
NVD VulDB
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Heap buffer overflow in LibreOffice Calc's formula compiler allows an attacker to trigger an out-of-bounds write by crafting a spreadsheet containing a formula with extreme nesting depth composed of many consecutive opening tokens. The vulnerability stems from an off-by-one allocation error in the nesting-depth tracking array, causing a single-element write past the buffer's end during file parsing. The CVSS 4.0 vector carries an E:P modifier indicating a proof-of-concept exists; no public exploit identified at time of analysis beyond the POC, and the vulnerability is not listed in CISA KEV.

Memory Corruption Buffer Overflow Libreoffice
NVD VulDB
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Stack buffer overflow in LibreOffice's legacy binary PPT importer allows a crafted presentation file to corrupt stack memory, causing application crash or potential arbitrary code execution under the victim's user context. The flaw affects all LibreOffice versions when importing PPT files containing a colour-replacement record whose combined colour counts across two parsing passes exceed the fixed-size stack-allocated colour tables. No public exploit has been confirmed actively exploited (not in CISA KEV), though the CVSS 4.0 supplemental E:P metric indicates proof-of-concept code exists, elevating this above a purely theoretical risk.

Memory Corruption Buffer Overflow Libreoffice +2
NVD VulDB
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Heap buffer overflow in LibreOffice's OOXML (DOCX) import component allows a specially crafted document to corrupt memory when processing text box elements, with high availability impact and limited confidentiality and integrity exposure. The flaw stems from a type confusion during deferred parser event replay: a handler object assumed to be a larger type is written to at that type's field layout, but the actual object may be smaller, causing the write to land past the end of the heap allocation. A proof-of-concept exploit exists (CVSS 4.0 E:P); no confirmed active exploitation is recorded in CISA KEV at time of analysis.

Memory Corruption Buffer Overflow Libreoffice +2
NVD VulDB
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Heap buffer overflow in LibreOffice's EMF+ graphics importer enables memory corruption when a user opens a specially crafted document containing a malicious gradient brush. The root cause is an integer overflow in the multiplication used to compute a heap allocation size from an attacker-controlled gradient blend point count - resulting in an undersized buffer that is subsequently written as if it were full-sized. A proof of concept exists (CVSS 4.0 E:P supplemental metric), no confirmed active exploitation is recorded, and impact spans process crash to potential arbitrary code execution within the LibreOffice session.

Memory Corruption Buffer Overflow Libreoffice +2
NVD VulDB
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Heap use-after-free in LibreOffice's ODF number format parser allows memory corruption when a user opens a crafted document containing a malformed number format string. The flaw arises because a position value embedded in the document is consumed without validation against the actual length of the format-code string, causing the parser to reference stale or out-of-bounds heap memory. Publicly available exploit code exists (CVSS 4.0 E:P), and while no active exploitation is confirmed via CISA KEV, the low attack complexity and document-phishing delivery model make this a realistic targeted threat.

Use After Free Memory Corruption Information Disclosure +1
NVD VulDB
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Heap buffer overflow in LibreOffice's DXF import engine allows a crafted CAD file to corrupt process memory when a polyline with more than 65,535 points is parsed. The root cause is an integer truncation defect: the point count read from the DXF file is narrowed to a 16-bit value when sizing the heap allocation, but the original, un-truncated count drives the subsequent write loop - any polyline exceeding 65,535 points overflows the undersized buffer. A proof-of-concept exists (CVSS 4.0 E:P), exploitation requires passive user interaction (opening a malicious DXF file), and no active exploitation has been confirmed in CISA KEV at time of analysis.

Memory Corruption Buffer Overflow Libreoffice +2
NVD VulDB
EPSS 0% CVSS 2.4
LOW Monitor

Improper Verification of Cryptographic Signature vulnerability in LibreOffice allows PDF Signature Spoofing by Improper Validation. Rated low severity (CVSS 2.4), this vulnerability is low attack complexity. No vendor patch available.

Jwt Attack Information Disclosure Libreoffice
NVD
EPSS 0% CVSS 5.2
MEDIUM PATCH This Month

An Improper Certificate Validation vulnerability in LibreOffice allowed an attacker to self sign an ODF document, with a signature untrusted by the target, then modify it to change the signature. Rated medium severity (CVSS 5.2), this vulnerability is no authentication required.

Information Disclosure Libreoffice Red Hat +1
NVD
EPSS 0% CVSS 7.2
HIGH PATCH This Week

LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. Rated high severity (CVSS 7.2), this vulnerability is no authentication required. No vendor patch available.

Microsoft Information Disclosure Libreoffice +3
NVD
EPSS 0% CVSS 7.2
HIGH This Week

Improper Input Validation vulnerability in The Document Foundation LibreOffice allows Windows Executable hyperlink targets to be executed unconditionally on activation.8 before < 24.8.5. Rated high severity (CVSS 7.2), this vulnerability is no authentication required. No vendor patch available.

Microsoft Information Disclosure Libreoffice +2
NVD
EPSS 1% CVSS 6.7
MEDIUM PATCH This Month

Exposure of Environmental Variables and arbitrary INI file values to an Unauthorized Actor vulnerability in The Document Foundation LibreOffice. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Libreoffice Debian Linux +2
NVD
EPSS 0% CVSS 2.4
LOW Monitor

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in The Document Foundation LibreOffice allows Absolute Path Traversal. Rated low severity (CVSS 2.4), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal Libreoffice Debian Linux
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Improper Digital Signature Invalidation vulnerability in Zip Repair Mode of The Document Foundation LibreOffice allows Signature forgery vulnerability in LibreOffice2 before < 24.2.5. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Jwt Attack Information Disclosure Libreoffice
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Certificate Validation user interface in LibreOffice allows potential vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Libreoffice
NVD
EPSS 0% CVSS 10.0
CRITICAL Act Now

Improper Certificate Validation vulnerability in LibreOffice "LibreOfficeKit" mode disables TLS certification verification LibreOfficeKit can be used for accessing LibreOffice functionality through. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Libreoffice
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Insufficient macro permission validation of The Document Foundation LibreOffice allows an attacker to execute built-in macros without warning. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Libreoffice Fedora +1
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Improper Input Validation vulnerability in GStreamer integration of The Document Foundation LibreOffice allows an attacker to execute arbitrary GStreamer plugins. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Libreoffice Fedora +1
NVD
EPSS 65% CVSS 5.5
MEDIUM PATCH This Month

A flaw was found in the Libreoffice package. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Libreoffice Fedora +1
NVD
EPSS 2% CVSS 5.3
MEDIUM This Month

Improper access control in editor components of The Document Foundation LibreOffice allowed an attacker to craft a document that would cause external links to be loaded without prompt. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Libreoffice Debian Linux
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Improper Validation of Array Index vulnerability in the spreadsheet component of The Document Foundation LibreOffice allows an attacker to craft a spreadsheet document that will cause an array index. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Libreoffice Debian Linux
NVD
EPSS 4% CVSS 6.3
MEDIUM This Month

LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Libreoffice +2
NVD
EPSS 1% CVSS 8.8
HIGH This Week

LibreOffice supports the storage of passwords for web connections in the user’s configuration database. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Libreoffice Debian Linux
NVD
EPSS 1% CVSS 7.5
HIGH This Week

LibreOffice supports the storage of passwords for web connections in the user’s configuration database. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Libreoffice Debian Linux
NVD
EPSS 1% CVSS 7.5
HIGH This Week

An Improper Certificate Validation vulnerability in LibreOffice existed where determining if a macro was signed by a trusted author was done by only matching the serial number and issuer string of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

RCE Libreoffice
NVD
EPSS 1% CVSS 7.5
HIGH This Week

LibreOffice supports digital signatures of ODF documents and macros within documents, presenting visual aids that no alteration of the document occurred since the last signing and that the signature. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Libreoffice Debian Linux
NVD
EPSS 1% CVSS 7.5
HIGH This Week

LibreOffice supports digital signatures of ODF documents and macros within documents, presenting visual aids that no alteration of the document occurred since the last signing and that the signature. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Libreoffice Debian Linux
NVD
EPSS 4% CVSS 8.8
HIGH POC This Week

In the LibreOffice 7-1 series in versions prior to 7.1.2, and in the 7-0 series in versions prior to 7.0.5, the denylist can be circumvented by manipulating the link so it doesn't match the denylist. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Libreoffice
NVD
EPSS 2% CVSS 6.5
MEDIUM This Month

ODF documents can contain forms to be filled out by the user. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Libreoffice Leap +1
NVD
EPSS 2% CVSS 5.3
MEDIUM This Month

LibreOffice has a 'stealth mode' in which only documents from locations deemed 'trusted' are allowed to retrieve remote resources. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Libreoffice Fedora +1
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

If LibreOffice has an encrypted document open and crashes, that document is auto-saved encrypted. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Libreoffice Leap
NVD
EPSS 3% CVSS 7.8
HIGH This Week

LibreOffice documents can contain macros. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Libreoffice
NVD
EPSS 3% CVSS 9.8
CRITICAL Act Now

LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Python Information Disclosure +2
NVD
EPSS 2% CVSS 7.8
HIGH This Week

LibreOffice has a feature where documents can specify that pre-installed macros can be executed on various script events such as mouse-over, document-open etc. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Path Traversal Python Libreoffice +5
NVD
EPSS 2% CVSS 7.8
HIGH PATCH This Week

LibreOffice has a feature where documents can specify that pre-installed macros can be executed on various script events such as mouse-over, document-open etc. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Path Traversal Python Ubuntu Linux +4
NVD
EPSS 78% CVSS 9.8
CRITICAL POC THREAT Emergency

LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Information Disclosure Ubuntu Linux +4
NVD GitHub Exploit-DB
EPSS 3% CVSS 9.8
CRITICAL Act Now

LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Python Ubuntu Linux +4
NVD
EPSS 3% CVSS 4.3
MEDIUM This Month

LibreOffice has a 'stealth mode' in which only documents from locations deemed 'trusted' are allowed to retrieve remote resources. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Libreoffice Ubuntu Linux +3
NVD
EPSS 31% CVSS 9.8
CRITICAL Act Now

LibreOffice has a feature where documents can specify that pre-installed scripts can be executed on various document events such as mouse-over, etc. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Python RCE +5
NVD
EPSS 1% CVSS 7.8
HIGH This Week

A vulnerability in LibreOffice hyperlink processing allows an attacker to construct documents containing hyperlinks pointing to the location of an executable on the target users file system. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Apple Information Disclosure +1
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

The get_app_path function in desktop/unx/source/start.c in LibreOffice through 6.0.5 mishandles the realpath function in certain environments such as FreeBSD libc, which might allow attackers to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Libreoffice
NVD
EPSS 79% CVSS 7.5
HIGH POC THREAT This Week

An information disclosure vulnerability occurs when LibreOffice 6.0.3 and Apache OpenOffice Writer 4.1.5 automatically process and initiate an SMB connection embedded in a malicious file, as. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Apache Information Disclosure +7
NVD Exploit-DB
EPSS 2% CVSS 7.8
HIGH PATCH This Week

The SwCTBWrapper::Read function in sw/source/filter/ww8/ww8toolbar.cxx in LibreOffice before 5.4.6.1 and 6.x before 6.0.2.1 does not validate a customizations index, which allows remote attackers to. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft Denial Of Service Buffer Overflow +6
NVD
EPSS 2% CVSS 7.8
HIGH PATCH This Week

sot/source/sdstor/stgstrms.cxx in LibreOffice before 5.4.5.1 and 6.x before 6.0.1.1 uses an incorrect integer data type in the StgSmallStrm class, which allows remote attackers to cause a denial of. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Denial Of Service Use After Free +6
NVD
EPSS 23% CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

LibreOffice before 5.4.5 and 6.x before 6.0.1 allows remote attackers to read arbitrary files via =WEBSERVICE calls in a document, which use the COM.MICROSOFT.WEBSERVICE function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Microsoft Information Disclosure Libreoffice +8
NVD GitHub Exploit-DB
EPSS 2% CVSS 7.5
HIGH PATCH This Week

WP1StylesListener.cpp, WP5StylesListener.cpp, and WP42StylesListener.cpp in libwpd 0.10.1 mishandle iterators, which allows remote attackers to cause a denial of service (heap-based buffer over-read. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Denial Of Service Information Disclosure +2
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

LibreOffice before 2017-03-17 has an out-of-bounds write caused by a heap-based buffer overflow related to the ReadJPEG function in vcl/source/filter/jpeg/jpegc.cxx. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Libreoffice
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

LibreOffice before 2017-03-14 has an out-of-bounds write related to the HWPFile::TagsRead function in hwpfilter/source/hwpfile.cxx. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Memory Corruption Libreoffice
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

LibreOffice before 2017-01-02 has an out-of-bounds write caused by a heap-based buffer overflow related to the tools::Polygon::Insert function in tools/source/generic/poly.cxx. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Memory Corruption Libreoffice
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL PATCH Act Now

LibreOffice before 2017-03-11 has an out-of-bounds write caused by a heap-based buffer overflow in the SVMConverter::ImplConvertFromSVM1 function in vcl/source/gdi/svmconverter.cxx. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Memory Corruption Libreoffice
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

LibreOffice before 2016-12-22 has an out-of-bounds write caused by a heap-based buffer overflow related to the EnhWMFReader::ReadEnhWMF function in vcl/source/filter/wmf/enhwmf.cxx. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Memory Corruption Libreoffice
NVD GitHub
EPSS 1% CVSS 7.8
HIGH This Week

Use-after-free vulnerability in LibreOffice before 5.1.4 allows remote attackers to execute arbitrary code via a crafted RTF file, related to stylesheet and superscript tokens. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Debian Linux Libreoffice +1
NVD
EPSS 1% CVSS 7.8
HIGH This Week

LibreOffice before 5.0.5 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted LwpTocSuperLayout record in a LotusWordPro. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Libreoffice +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

The lwp filter in LibreOffice before 5.0.4 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted LotusWordPro (lwp) document. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Libreoffice +1
NVD
EPSS 36% CVSS 6.8
MEDIUM This Month

LibreOffice before 4.4.6 and 5.x before 5.0.1 and Apache OpenOffice before 4.1.2 allows remote attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Epss exploitation probability 35.6% and no vendor patch available.

Denial Of Service RCE Buffer Overflow +5
NVD
EPSS 23% CVSS 6.8
MEDIUM This Month

Integer overflow in LibreOffice before 4.4.5 and Apache OpenOffice before 4.1.2 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Epss exploitation probability 22.8% and no vendor patch available.

Denial Of Service RCE Buffer Overflow +5
NVD
EPSS 50% CVSS 6.8
MEDIUM This Month

Integer underflow in LibreOffice before 4.4.5 and Apache OpenOffice before 4.1.2, when the configuration setting "Load printer settings with the document" is enabled, allows remote attackers to cause. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Epss exploitation probability 49.6% and no vendor patch available.

Integer Overflow Denial Of Service Buffer Overflow +6
NVD
EPSS 10% CVSS 4.3
MEDIUM This Month

LibreOffice before 4.4.5 and Apache OpenOffice before 4.1.2 uses the stored LinkUpdateMode configuration information in OpenDocument Format files and templates when handling links, which might allow. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Apache Libreoffice +3
NVD
EPSS 10% CVSS 6.8
MEDIUM This Month

The HWP filter in LibreOffice before 4.3.7 and 4.4.x before 4.4.2 and Apache OpenOffice before 4.1.2 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow +10
NVD
EPSS 3% CVSS 7.5
HIGH This Week

LibreOffice before 4.3.5 allows remote attackers to cause a denial of service (invalid write operation and crash) and possibly execute arbitrary code via a crafted RTF file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Denial Of Service Libreoffice +3
NVD
EPSS 4% CVSS 7.5
HIGH PATCH This Week

Use-after-free vulnerability in the socket manager of Impress Remote in LibreOffice 4.x before 4.2.7 and 4.3.x before 4.3.3 allows remote attackers to cause a denial of service (crash) or possibly. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

RCE Denial Of Service Enterprise Linux Desktop +5
NVD
EPSS 10% CVSS 4.3
MEDIUM This Month

The OLE preview generation in Apache OpenOffice before 4.1.1 and OpenOffice.org (OOo) might allow remote attackers to embed arbitrary data into documents via crafted OLE objects. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Apache Enterprise Linux Desktop +4
NVD
EPSS 11% CVSS 9.3
CRITICAL Act Now

Apache OpenOffice before 4.1.1 allows remote attackers to execute arbitrary commands and possibly have other unspecified impact via a crafted Calc spreadsheet. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 10.7% and no vendor patch available.

Command Injection Apache Openoffice +1
NVD
EPSS 7% CVSS 10.0
CRITICAL Act Now

LibreOffice 4.2.4 executes unspecified VBA macros automatically, which has unspecified impact and attack vectors, possibly related to doc/docmacromode.cxx. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Fedora Enterprise Linux Desktop +5
NVD
EPSS 3% CVSS 4.3
MEDIUM This Month

LibreOffice 3.5.x before 3.5.7.2 and 3.6.x before 3.6.1, and OpenOffice.org (OOo), allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted (1) odt file to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Libreoffice Openoffice Org
NVD
EPSS 5% CVSS 7.5
HIGH This Week

Multiple heap-based buffer overflows in the XML manifest encryption tag parsing functionality in OpenOffice.org and LibreOffice before 3.5.5 allow remote attackers to cause a denial of service and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Memory Corruption +12
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Integer overflow in the vclmi.dll module in OpenOffice.org (OOo) 3.3, 3.4 Beta, and possibly earlier, and LibreOffice before 3.5.3, allows remote attackers to cause a denial of service (application. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Buffer Overflow Denial Of Service RCE +10
NVD
EPSS 9% CVSS 6.8
MEDIUM POC This Month

Integer overflow in filter/source/msfilter/msdffimp.cxx in OpenOffice.org (OOo) 3.3, 3.4 Beta, and possibly earlier, and LibreOffice before 3.5.3, allows remote attackers to cause a denial of service. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service RCE +2
NVD
EPSS 1% CVSS 6.5
MEDIUM POC PATCH This Month

Redland Raptor (aka libraptor) before 2.0.7, as used by OpenOffice 3.3 and 3.4 Beta, LibreOffice before 3.4.6 and 3.5.x before 3.5.1, and other products, allows user-assisted remote attackers to read. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XXE Raptor Libreoffice +11
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy