Vulnerabilities > Libreoffice > Libreoffice > 7.5.1

DATE CVE VULNERABILITY TITLE RISK
2023-12-11 CVE-2023-6185 Improper Input Validation vulnerability in GStreamer integration of The Document Foundation LibreOffice allows an attacker to execute arbitrary GStreamer plugins. In affected versions the filename of the embedded video is not sufficiently escaped when passed to GStreamer enabling an attacker to run arbitrary gstreamer plugins depending on what plugins are installed on the target system.
network
low complexity
libreoffice fedoraproject debian
8.8
8.8
2023-12-11 CVE-2023-6186 Improper Preservation of Permissions vulnerability in multiple products
Insufficient macro permission validation of The Document Foundation LibreOffice allows an attacker to execute built-in macros without warning. In affected versions LibreOffice supports hyperlinks with macro or similar built-in command targets that can be executed when activated without warning the user.
network
low complexity
libreoffice fedoraproject debian CWE-281
8.8
8.8
2023-05-25 CVE-2023-0950 Improper Validation of Array Index vulnerability in multiple products
Improper Validation of Array Index vulnerability in the spreadsheet component of The Document Foundation LibreOffice allows an attacker to craft a spreadsheet document that will cause an array index underflow when loaded.
local
low complexity
libreoffice debian CWE-129
7.8
7.8
2023-05-25 CVE-2023-2255 Improper access control in editor components of The Document Foundation LibreOffice allowed an attacker to craft a document that would cause external links to be loaded without prompt.
network
low complexity
libreoffice debian
5.3
5.3