Vulnerabilities > Libreoffice > Critical

DATE CVE VULNERABILITY TITLE RISK
2021-05-03 CVE-2021-25631 Unspecified vulnerability in Libreoffice 7.0.4/7.1.0/7.1.1
In the LibreOffice 7-1 series in versions prior to 7.1.2, and in the 7-0 series in versions prior to 7.0.5, the denylist can be circumvented by manipulating the link so it doesn't match the denylist but results in ShellExecute attempting to launch an executable type.
network
libreoffice
critical
 9.3
9.3
2019-09-06 CVE-2019-9855 Channel and Path Errors vulnerability in multiple products
LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from.
network
low complexity
libreoffice opensuse CWE-417
critical
 9.8
9.8
2019-08-15 CVE-2019-9851 Improper Input Validation vulnerability in multiple products
LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from.
network
low complexity
debian canonical opensuse fedoraproject libreoffice CWE-20
critical
 9.8
9.8
2019-08-15 CVE-2019-9850 Improper Input Validation vulnerability in multiple products
LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from.
network
low complexity
debian canonical opensuse fedoraproject libreoffice CWE-20
critical
 9.8
9.8
2019-07-17 CVE-2019-9848 Code Injection vulnerability in multiple products
LibreOffice has a feature where documents can specify that pre-installed scripts can be executed on various document events such as mouse-over, etc.
network
low complexity
libreoffice canonical fedoraproject debian opensuse CWE-94
critical
 9.8
9.8
2014-08-26 CVE-2014-3524 Command Injection vulnerability in multiple products
Apache OpenOffice before 4.1.1 allows remote attackers to execute arbitrary commands and possibly have other unspecified impact via a crafted Calc spreadsheet.
network
apache libreoffice CWE-77
critical
 9.3
9.3
2011-07-21 CVE-2011-2685 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Libreoffice
Stack-based buffer overflow in the Lotus Word Pro import filter in LibreOffice before 3.3.3 allows remote attackers to execute arbitrary code via a crafted .lwp file.
network
libreoffice CWE-119
critical
 9.3
9.3