Vulnerabilities > Libreoffice

DATE CVE VULNERABILITY TITLE RISK
2021-05-03 CVE-2021-25631 Unspecified vulnerability in Libreoffice 7.0.4/7.1.0/7.1.1
In the LibreOffice 7-1 series in versions prior to 7.1.2, and in the 7-0 series in versions prior to 7.0.5, the denylist can be circumvented by manipulating the link so it doesn't match the denylist but results in ShellExecute attempting to launch an executable type.
network
libreoffice
critical
9.3
2021-01-07 CVE-2018-18688 Improper Verification of Cryptographic Signature vulnerability in multiple products
The Portable Document Format (PDF) specification does not provide any information regarding the concrete procedure of how to validate signatures.
5.0
2020-06-08 CVE-2020-12803 Improper Input Validation vulnerability in multiple products
ODF documents can contain forms to be filled out by the user.
4.3
2020-06-08 CVE-2020-12802 Information Exposure vulnerability in multiple products
LibreOffice has a 'stealth mode' in which only documents from locations deemed 'trusted' are allowed to retrieve remote resources.
4.3
2020-05-18 CVE-2020-12801 Missing Encryption of Sensitive Data vulnerability in Libreoffice
If LibreOffice has an encrypted document open and crashes, that document is auto-saved encrypted.
network
low complexity
libreoffice CWE-311
5.0
2019-12-20 CVE-2012-5639 Improper Input Validation vulnerability in multiple products
LibreOffice and OpenOffice automatically open embedded content
4.3
2019-09-27 CVE-2019-9853 Improper Encoding or Escaping of Output vulnerability in Libreoffice
LibreOffice documents can contain macros.
6.8
2019-09-06 CVE-2019-9855 Channel and Path Errors vulnerability in Libreoffice
LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from.
network
low complexity
libreoffice microsoft CWE-417
7.5
2019-09-06 CVE-2019-9854 Path Traversal vulnerability in multiple products
LibreOffice has a feature where documents can specify that pre-installed macros can be executed on various script events such as mouse-over, document-open etc.
6.8
2019-08-15 CVE-2019-9852 Path Traversal vulnerability in multiple products
LibreOffice has a feature where documents can specify that pre-installed macros can be executed on various script events such as mouse-over, document-open etc.
network
low complexity
debian fedoraproject libreoffice CWE-22
7.5