Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Libreoffice
(Libreoffice)Repositories |
• https://github.com/LibreOffice/core
• https://github.com/dajobe/raptor |
#Vulnerabilities | 59 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2012-06-21 | CVE-2012-1149 | Integer overflow in the vclmi.dll module in OpenOffice.org (OOo) 3.3, 3.4 Beta, and possibly earlier, and LibreOffice before 3.5.3, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted embedded image object, as demonstrated by a JPEG image in a .DOC file, which triggers a heap-based buffer overflow. | Openoffice\.org, Debian_linux, Fedora, Libreoffice, Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_workstation | N/A | ||
2012-08-06 | CVE-2012-2665 | Multiple heap-based buffer overflows in the XML manifest encryption tag parsing functionality in OpenOffice.org and LibreOffice before 3.5.5 allow remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted Open Document Text (.odt) file with (1) a child tag within an incorrect parent tag, (2) duplicate tags, or (3) a Base64 ChecksumAttribute whose length is not evenly divisible by four. | Openoffice, Ubuntu_linux, Debian_linux, Libreoffice, Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_for_ibm_z_systems, Enterprise_linux_for_power_big_endian, Enterprise_linux_server, Enterprise_linux_server_from_rhui_6, Enterprise_linux_workstation | N/A | ||
2014-07-03 | CVE-2014-0247 | LibreOffice 4.2.4 executes unspecified VBA macros automatically, which has unspecified impact and attack vectors, possibly related to doc/docmacromode.cxx. | Ubuntu_linux, Fedora, Libreoffice, Opensuse, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation | N/A | ||
2014-11-07 | CVE-2014-3693 | Use-after-free vulnerability in the socket manager of Impress Remote in LibreOffice 4.x before 4.2.7 and 4.3.x before 4.3.3 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted request to TCP port 1599. | Ubuntu_linux, Libreoffice, Opensuse, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation | N/A | ||
2016-02-18 | CVE-2016-0794 | The lwp filter in LibreOffice before 5.0.4 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted LotusWordPro (lwp) document. | Ubuntu_linux, Libreoffice | 7.8 | ||
2016-02-18 | CVE-2016-0795 | LibreOffice before 5.0.5 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted LwpTocSuperLayout record in a LotusWordPro (lwp) document. | Ubuntu_linux, Libreoffice | 7.8 | ||
2019-09-06 | CVE-2019-9855 | LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from. LibreOffice also has a feature where documents can specify that pre-installed scripts can be executed on various document script events such as mouse-over, etc. Protection was added to block calling LibreLogo from script event handers. However a Windows 8.3 path equivalence handling flaw left LibreOffice... | Libreoffice, Leap | 9.8 | ||
2014-08-26 | CVE-2014-3524 | Apache OpenOffice before 4.1.1 allows remote attackers to execute arbitrary commands and possibly have other unspecified impact via a crafted Calc spreadsheet. | Openoffice, Libreoffice | N/A | ||
2014-08-27 | CVE-2014-3575 | The OLE preview generation in Apache OpenOffice before 4.1.1 and OpenOffice.org (OOo) might allow remote attackers to embed arbitrary data into documents via crafted OLE objects. | Openoffice, Libreoffice, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation | N/A | ||
2015-04-28 | CVE-2015-1774 | The HWP filter in LibreOffice before 4.3.7 and 4.4.x before 4.4.2 and Apache OpenOffice before 4.1.2 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted HWP document, which triggers an out-of-bounds write. | Openoffice, Ubuntu_linux, Debian_linux, Fedora, Libreoffice, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation | N/A |