| purl | pkg:deb/debian/libreoffice@0?distro=trixie |

| Vulnerability | Summary | Fixed by |
|---|---|---|
| This package is not known to be affected by vulnerabilities. | | |

| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-2hqv-dn95-vqd5 | libreoffice: heap-based buffer overflow related to the ReadJPEG function | CVE-2017-8358 |
| VCID-4kzn-nb3d-e3c8 | Improper Certificate Validation vulnerability in LibreOffice "LibreOfficeKit" mode disables TLS certification verification. LibreOfficeKit can be used for accessing LibreOffice functionality through C/C++. Typically this is used by third party components to reuse LibreOffice as a library to convert, view or otherwise interact with documents. LibreOffice internally makes use of "curl" to fetch remote resources such as images hosted on webservers. In affected versions of LibreOffice, when used in LibreOfficeKit mode only, curl's TLS certification verification was disabled (CURLOPT_SSL_VERIFYPEER of false). In the fixed versions curl operates in LibreOfficeKit mode the same as in standard mode, with CURLOPT_SSL_VERIFYPEER of true. This issue affects LibreOffice before version 24.2.4. | CVE-2024-5261 |
| VCID-6zer-5gyz-d7aa | libreoffice: Heap-buffer-overflow in HWPFile::TagsRead | CVE-2017-7882 |
| VCID-8yqv-n1gc-tqaz | LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained within the document it is launched from. LibreOffice also has a feature where documents can specify that pre-installed scripts can be executed on various document script events such as mouse-over, etc. Protection was added to block calling LibreLogo from script event handlers. However, a Windows 8.3 path equivalence handling flaw left LibreOffice vulnerable under Windows, in that a document could trigger executing LibreLogo via a Windows filename pseudonym. This issue affects: Document Foundation LibreOffice 6.2 versions prior to 6.2.7; 6.3 versions prior to 6.3.1. | CVE-2019-9855 |
| VCID-c44v-29b9-tyd8 | LibreOffice: LibreOffice: Authentication Bypass leading to privilege escalation via bundled interpreter execution | CVE-2025-14714 |
| VCID-ghfh-sgdt-yybw | libreoffice: Content Manipulation with Certificate Validation Attack | CVE-2021-25635 |
| VCID-jst3-88yh-mbh7 | libreoffice: Heap-buffer-overflow in SVMConverter::ImplConvertFromSVM1 | CVE-2017-7856 |
| VCID-nffq-52a8-3yg9 | In the LibreOffice 7-1 series in versions prior to 7.1.2, and in the 7-0 series in versions prior to 7.0.5, the denylist can be circumvented by manipulating the link so it doesn't match the denylist but results in ShellExecute attempting to launch an executable type. | CVE-2021-25631 |
| VCID-r9rr-pmtt-5ycm | libreoffice: Executable hyperlink Windows path targets executed unconditionally on activation | CVE-2025-0514 |
| VCID-rg7y-m6nm-m7df | libreoffice: Use of realpath() in desktop/unx/source/start.c:get_app_path() allows for potential buffer overflow | CVE-2018-14939 |
| VCID-z8wr-nnv1-euhx | A vulnerability in LibreOffice hyperlink processing allows an attacker to construct documents containing hyperlinks pointing to the location of an executable on the target user's file system. If the hyperlink is activated by the victim, the executable target is unconditionally launched. Under Windows and macOS, when processing a hyperlink target explicitly activated by the user, there was no judgment made on whether the target was an executable file, so such executable targets were launched unconditionally. This issue affects: All LibreOffice Windows and macOS versions prior to 6.1.6; LibreOffice Windows and macOS versions in the 6.2 series prior to 6.2.3. | CVE-2019-9847 |