Vulnerabilities > Libreoffice > Libreoffice > 5.0.1.1
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-08-05 | CVE-2018-14939 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Libreoffice The get_app_path function in desktop/unx/source/start.c in LibreOffice through 6.0.5 mishandles the realpath function in certain environments such as FreeBSD libc, which might allow attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact if LibreOffice is automatically launched during web browsing with pathnames controlled by a remote web site. | 7.5 |
2018-04-16 | CVE-2018-10120 | Improper Validation of Array Index vulnerability in multiple products The SwCTBWrapper::Read function in sw/source/filter/ww8/ww8toolbar.cxx in LibreOffice before 5.4.6.1 and 6.x before 6.0.2.1 does not validate a customizations index, which allows remote attackers to cause a denial of service (heap-based buffer overflow with write access) or possibly have unspecified other impact via a crafted document that contains a certain Microsoft Word record. | 7.8 |
2018-04-16 | CVE-2018-10119 | Use After Free vulnerability in multiple products sot/source/sdstor/stgstrms.cxx in LibreOffice before 5.4.5.1 and 6.x before 6.0.1.1 uses an incorrect integer data type in the StgSmallStrm class, which allows remote attackers to cause a denial of service (use-after-free with write access) or possibly have unspecified other impact via a crafted document that uses the structured storage ole2 wrapper file format. | 7.8 |
2018-02-09 | CVE-2018-6871 | LibreOffice before 5.4.5 and 6.x before 6.0.1 allows remote attackers to read arbitrary files via =WEBSERVICE calls in a document, which use the COM.MICROSOFT.WEBSERVICE function. | 5.0 |
2017-09-09 | CVE-2017-14226 | Out-of-bounds Read vulnerability in multiple products WP1StylesListener.cpp, WP5StylesListener.cpp, and WP42StylesListener.cpp in libwpd 0.10.1 mishandle iterators, which allows remote attackers to cause a denial of service (heap-based buffer over-read in the WPXTableList class in WPXTable.cpp). | 5.0 |
2017-04-30 | CVE-2017-8358 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Libreoffice LibreOffice before 2017-03-17 has an out-of-bounds write caused by a heap-based buffer overflow related to the ReadJPEG function in vcl/source/filter/jpeg/jpegc.cxx. | 7.5 |
2017-04-15 | CVE-2017-7882 | Out-of-bounds Write vulnerability in Libreoffice LibreOffice before 2017-03-14 has an out-of-bounds write related to the HWPFile::TagsRead function in hwpfilter/source/hwpfile.cxx. | 7.5 |
2017-04-14 | CVE-2017-7856 | Out-of-bounds Write vulnerability in Libreoffice LibreOffice before 2017-03-11 has an out-of-bounds write caused by a heap-based buffer overflow in the SVMConverter::ImplConvertFromSVM1 function in vcl/source/gdi/svmconverter.cxx. | 7.5 |
2016-07-08 | CVE-2016-4324 | Improper Input Validation vulnerability in multiple products Use-after-free vulnerability in LibreOffice before 5.1.4 allows remote attackers to execute arbitrary code via a crafted RTF file, related to stylesheet and superscript tokens. | 6.8 |
2016-02-18 | CVE-2016-0795 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products LibreOffice before 5.0.5 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted LwpTocSuperLayout record in a LotusWordPro (lwp) document. | 7.8 |