Security Advisories

Addressed in LibreOffice 24.2.4

CVE-2024-5261 TLS certificate are not properly verified when utilizing LibreOfficeKit

Addressed in LibreOffice 7.6.7/24.2.3

CVE-2024-3044 Graphic on-click binding allows unchecked script execution

Addressed in LibreOffice 7.6.4/7.5.9

CVE-2023-6186 Link targets allow arbitrary script execution

Addressed in LibreOffice 7.6.3/7.5.9

CVE-2023-6185 Improper input validation enabling arbitrary Gstreamer pipeline injection

Addressed in LibreOffice 7.4.7/7.5.3

CVE-2023-2255 Remote documents loaded without prompt via IFrame

Addressed in LibreOffice 7.4.6/7.5.1

CVE-2023-0950 Array Index UnderFlow in Calc Formula Parsing

Addressed in LibreOffice 7.3.6/7.4.1

CVE-2022-3140 Macro URL arbitrary script execution

Addressed in LibreOffice 7.2.7/7.3.3

CVE-2022-26306 Static Initialization Vector Allows to Recover Passwords for Web Connections Without Knowing the Master Password

CVE-2022-26307 Weak Master Keys

Addressed in LibreOffice 7.2.7/7.3.2

CVE-2022-26305 Execution of Untrusted Macros Due to Improper Certificate Validation

Addressed in LibreOffice 7.2.6/7.3.1

CVE-2022-38745 Empty entry in Java class path risks arbitrary code execution

Addressed in LibreOffice 7.2.5/7.3.0

CVE-2021-25636 Incorrect trust validation of signature with ambiguous KeyInfo children

Addressed in LibreOffice 7.0.6/7.1.3

CVE-2021-25632 fileloc extension added to macOS executable denylist

Addressed in LibreOffice 7.0.6/7.1.2

CVE-2021-25633 Content Manipulation with Double Certificate Attack

CVE-2021-25634 Timestamp Manipulation with Signature Wrapping

Addressed in LibreOffice 7.0.5/7.1.2

CVE-2021-25631 Denylist of executable filename extensions possible to bypass under windows

Addressed in LibreOffice 7.0.5/7.1.1

CVE-2021-25635 Content Manipulation with Certificate Validation Attack

Addressed in LibreOffice 6.4.4

CVE-2020-12802 remote graphics contained in docx format retrieved in 'stealth mode'

CVE-2020-12803 XForms submissions could overwrite local files

Addressed in LibreOffice 6.3.6/6.4.3

CVE-2020-12801 Crash-recovered MSOffice encrypted documents defaulted to not to using encryption on next save

Addressed in LibreOffice 6.2.7/6.3.1

CVE-2019-9854 Unsafe URL assembly flaw in allowed script location check

CVE-2019-9855 Windows 8.3 path equivalence handling flaw allows LibreLogo script execution

Addressed in LibreOffice 6.2.6/6.3.1

CVE-2019-9853 Insufficient URL decoding flaw in categorizing macro location

Addressed in LibreOffice 6.2.6/6.3.0

CVE-2019-9850 Insufficient url validation allowing LibreLogo script execution

CVE-2019-9851 LibreLogo global-event script execution

CVE-2019-9852 Insufficient URL encoding flaw in allowed script location check

Addressed in LibreOffice 6.2.5

CVE-2019-9848 LibreLogo arbitrary script execution

CVE-2019-9849 remote bullet graphics retrieved in 'stealth mode'

Addressed in LibreOffice 6.1.6/6.2.3

CVE-2019-9847 Executable hyperlink targets executed unconditionally on activation

Addressed in LibreOffice 6.0.7/6.1.3

CVE-2018-16858 Directory traversal flaw in script execution

Addressed in LibreOffice 5.4.7/6.0.4

CVE-2018-10583 Information disclosure via SMB link embedded in ODF document

Fixed in LibreOffice 5.4.6/6.0.2

CVE-2018-10120 Heap Buffer Overflow in MSWord Customizations parsing

Fixed in LibreOffice 5.4.5/6.0.1

CVE-2018-1055 Remote arbitrary file disclosure vulnerability via WEBSERVICE formula

CVE-2018-10119 Use After Free in Structured Storage parser

Fixed in LibreOffice 5.2.5/5.3.0

CVE-2017-7870 Heap-buffer-overflow in WMF filter

CVE-2016-10327 Heap-buffer-overflow in EMF filter

Fixed during development

CVE-2017-7856 Heap-buffer-overflow in SVM filter

CVE-2017-7882 Heap-buffer-overflow in HWP filter

CVE-2017-8358 Heap-buffer-overflow in JPG filter

Fixed in LibreOffice 5.1.6/5.2.2/5.3.0

CVE-2017-3157 Arbitrary file disclosure in Calc and Writer

Fixed in LibreOffice 5.1.4/5.2.0

CVE-2016-4324 Dereference of invalid STL iterator on processing RTF file

Fixed in LibreOffice 5.0.5/5.1.0

CVE-2016-0795 LotusWordPro Bounds overflows in LwpTocSuperLayout processing

Fixed in LibreOffice 5.0.4/5.1.0

CVE-2016-0794 LotusWordPro Multiple bounds overflows in lwp filter

Fixed in LibreOffice 5.0.2/5.1.0

CVE-2017-12607 Out-of-Bounds Write in Impress' PPT Filter

CVE-2017-12608 Out-of-Bounds Write in Writer's ImportOldFormatStyles

Fixed in LibreOffice 4.4.6/5.0.1

CVE-2015-5214 DOC Bookmark Status Memory Corruption

Fixed in LibreOffice 4.4.5/5.0.0

CVE-2015-4551 Arbitrary file disclosure in Calc and Writer

CVE-2015-5212 ODF Integer Underflow (PrinterSetup Length)

CVE-2015-5213 DOC piecetable Integer Overflow

Fixed in LibreOffice 4.3.7/4.4.2

CVE-2015-1774 Out of bounds write in HWP file filter

Fixed in LibreOffice 4.2.7/4.3.3

CVE-2014-3693 Use-After-Free in socket manager of Impress Remote

Fixed in LibreOffice 4.2.6-secfix/4.3.1

CVE-2014-3524 CSV Command Injection and DDE formulas

CVE-2014-3575 Arbitrary File Disclosure using crafted OLE objects

Fixed in LibreOffice 4.2.5

CVE-2014-0247 Microsoft Office VBA Macro Execution

Fixed in LibreOffice 3.6.7

CVE-2013-4156 Microsoft .docm Denial Of Service

Fixed in LibreOffice 3.5.7

CVE-2012-4233 Multiple file format denial of service vulnerabilities

Fixed in LibreOffice 3.5.5

CVE-2012-2665 Multiple heap-based buffer overflows in the XML manifest encryption handling code

Fixed in LibreOffice 3.5.3

CVE-2012-1149 Integer overflows in graphic object loading

CVE-2012-2334 Integer overflow flaw with malformed PPT files

Fixed in LibreOffice 3.4.6/3.5.1

CVE-2012-0037 XML Entity Expansion flaw by processing RDF file

Fixed in LibreOffice 3.4.3:

CVE-2011-2713 Multiple vulnerabilities in the 'Microsoft Word' (doc) binary file format importer

CVE-2013-2189 Microsoft .doc Memory Corruption Vulnerability

CVE-2017-9806 Out-of-Bounds Write in Writer's WW8Fonts Constructor

Fixed in LibreOffice 3.3.3/3.4.0:

CVE-2011-2685 Multiple vulnerabilities in the 'Lotus Word Pro' (lwp) file format importer

Third Party Advisories

Fixed in LibreOffice 7.6.2/7.5.7

CVE-2023-4863 libwebp: Heap buffer overflow in libwebp < 1.3.2

Fixed in LibreOffice 7.4.6/7.5.1

CVE-2023-1183 Arbitrary File Write in hsqldb 1.8.0

Fixed in LibreOffice 7.1.8/7.2.4

CVE-2021-43527 Memory corruption via DER-encoded DSA and RSA-PSS signatures

Fixed in LibreOffice 4.2.3

CVE-2014-0160 & more (a set of vulnerabilities) TLS heartbeat read overrun (4.1 line not affected)

Fixed in LibreOffice 4.1.5/4.2.0

CVE-2013-1752 & CVE-2013-4238 Python Multiple Vulnerabilities

Fixed in all versions

CVE-2022-41853 hsqldb: Untrusted input may lead to RCE attack. No version of LibreOffice is affected by this. Addressed by solution used for similar CVE-2007-4575

CVE-2021-44228 Apache Log4j Remote Code Execution Vulnerability, not a bug in LibreOffice

CVE-2018-14939 overflow at realpath, not a bug in LibreOffice

CVE-2012-2149 libwpd: Memory overwrite flaw by processing certain WordPerfect (WPD). No version of LibreOffice is affected by this.