Vulnerabilities > Libreoffice

DATE CVE VULNERABILITY TITLE RISK
2018-05-01 CVE-2018-10583 Information Exposure vulnerability in multiple products
An information disclosure vulnerability occurs when LibreOffice 6.0.3 and Apache OpenOffice Writer 4.1.5 automatically process and initiate an SMB connection embedded in a malicious file, as demonstrated by xlink:href=file://192.168.0.2/test.jpg within an office:document-content element in a .odt XML document.
network
low complexity
libreoffice apache debian redhat canonical CWE-200
7.5
2018-04-16 CVE-2018-10120 Improper Validation of Array Index vulnerability in multiple products
The SwCTBWrapper::Read function in sw/source/filter/ww8/ww8toolbar.cxx in LibreOffice before 5.4.6.1 and 6.x before 6.0.2.1 does not validate a customizations index, which allows remote attackers to cause a denial of service (heap-based buffer overflow with write access) or possibly have unspecified other impact via a crafted document that contains a certain Microsoft Word record.
local
low complexity
debian libreoffice redhat canonical CWE-129
7.8
2018-04-16 CVE-2018-10119 Use After Free vulnerability in multiple products
sot/source/sdstor/stgstrms.cxx in LibreOffice before 5.4.5.1 and 6.x before 6.0.1.1 uses an incorrect integer data type in the StgSmallStrm class, which allows remote attackers to cause a denial of service (use-after-free with write access) or possibly have unspecified other impact via a crafted document that uses the structured storage ole2 wrapper file format.
local
low complexity
libreoffice debian redhat canonical CWE-416
7.8
2018-02-09 CVE-2018-6871 LibreOffice before 5.4.5 and 6.x before 6.0.1 allows remote attackers to read arbitrary files via =WEBSERVICE calls in a document, which use the COM.MICROSOFT.WEBSERVICE function.
network
low complexity
libreoffice debian canonical redhat
critical
9.8
2017-09-09 CVE-2017-14226 Out-of-bounds Read vulnerability in multiple products
WP1StylesListener.cpp, WP5StylesListener.cpp, and WP42StylesListener.cpp in libwpd 0.10.1 mishandle iterators, which allows remote attackers to cause a denial of service (heap-based buffer over-read in the WPXTableList class in WPXTable.cpp).
network
low complexity
libreoffice libwpd CWE-125
7.5
2017-04-30 CVE-2017-8358 Out-of-bounds Write vulnerability in Libreoffice
LibreOffice before 2017-03-17 has an out-of-bounds write caused by a heap-based buffer overflow related to the ReadJPEG function in vcl/source/filter/jpeg/jpegc.cxx.
network
low complexity
libreoffice CWE-787
critical
9.8
2017-04-15 CVE-2017-7882 Out-of-bounds Write vulnerability in Libreoffice
LibreOffice before 2017-03-14 has an out-of-bounds write related to the HWPFile::TagsRead function in hwpfilter/source/hwpfile.cxx.
network
low complexity
libreoffice CWE-787
critical
9.8
2017-04-14 CVE-2017-7870 Out-of-bounds Write vulnerability in Libreoffice
LibreOffice before 2017-01-02 has an out-of-bounds write caused by a heap-based buffer overflow related to the tools::Polygon::Insert function in tools/source/generic/poly.cxx.
network
low complexity
libreoffice CWE-787
critical
9.8
2017-04-14 CVE-2017-7856 Out-of-bounds Write vulnerability in Libreoffice
LibreOffice before 2017-03-11 has an out-of-bounds write caused by a heap-based buffer overflow in the SVMConverter::ImplConvertFromSVM1 function in vcl/source/gdi/svmconverter.cxx.
network
low complexity
libreoffice CWE-787
critical
9.8
2017-04-14 CVE-2016-10327 Out-of-bounds Write vulnerability in Libreoffice
LibreOffice before 2016-12-22 has an out-of-bounds write caused by a heap-based buffer overflow related to the EnhWMFReader::ReadEnhWMF function in vcl/source/filter/wmf/enhwmf.cxx.
network
low complexity
libreoffice CWE-787
critical
9.8