Holger Fuhrmannek discovered that missing input sanitising in the Graphite font rendering engine could result in the execution of arbitrary code. http://www.talosintel.com/reports/TALOS-2016-0058/ After looking for information about the version of libreoffice that fixes this issue, I could not find any indication of such a patch, assuming the issue still exists in libreoffice. Sorry if this is a duplicate.
For master: https://cgit.freedesktop.org/libreoffice/core/commit/?id=c64ea526dc71da6e3aad188ac71e58047ed74b5a For 5-1 (should be already in 5.1.1 RC1): https://cgit.freedesktop.org/libreoffice/core/commit/?h=libreoffice-5-1&id=f26f5226542c8a707eda3dcd8a9f81fbbf0342c0 For 5-0 (towards 5.0.6): https://cgit.freedesktop.org/libreoffice/core/commit/?h=libreoffice-5-0&id=d2ef084eb0e26b5ee18133269249e7a80efb23d6 Note that Linux distros usually build against system graphite, so it's up to them to update it.