Search for packages
| purl | pkg:deb/debian/libreoffice@4:26.2.2.2-3?distro=trixie |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| This package is not known to be affected by vulnerabilities. | ||
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-11vv-gd2v-2qhk | libreoffice: Static Initialization Vector Allows to Recover Passwords for Web Connections Without Knowing the Master Password |
CVE-2022-26306
|
| VCID-135z-ajc9-buhx | libreoffice: Memory corruption when parsing invalid PLCF data by processing certain DOC files |
CVE-2013-2189
|
| VCID-15h8-ucrr-kqbb | A vulnerability in OpenOffice Impress could cause memory corruption. |
CVE-2016-1513
|
| VCID-1981-p3m3-sfhe | Multiple vulnerabilities have been found in LibreOffice, the worst of which could result in user-assisted code execution. |
CVE-2023-6185
|
| VCID-1vte-fcdx-nfcd | libreoffice: crash recovered MSOffice encrypted documents defaulted to not to using encryption on next save |
CVE-2020-12801
|
| VCID-1ykj-3m3w-1fez | libreoffice: create a document which without prompt will execute scripts built-into LibreOffice on clicking a graphic |
CVE-2024-3044
|
| VCID-2hqv-dn95-vqd5 | libreoffice: heap-based buffer overflow related to the ReadJPEG function |
CVE-2017-8358
|
| VCID-2p1p-4t4u-kyd8 | Multiple vulnerabilities have been found in both LibreOffice and OpenOffice allowing remote attackers to execute arbitrary code or cause Denial of Service. |
CVE-2014-9093
|
| VCID-3kcp-zzcm-kfc9 | security update |
CVE-2019-9853
|
| VCID-4kzn-nb3d-e3c8 | Improper Certificate Validation vulnerability in LibreOffice "LibreOfficeKit" mode disables TLS certification verification LibreOfficeKit can be used for accessing LibreOffice functionality through C/C++. Typically this is used by third party components to reuse LibreOffice as a library to convert, view or otherwise interact with documents. LibreOffice internally makes use of "curl" to fetch remote resources such as images hosted on webservers. In affected versions of LibreOffice, when used in LibreOfficeKit mode only, then curl's TLS certification verification was disabled (CURLOPT_SSL_VERIFYPEER of false) In the fixed versions curl operates in LibreOfficeKit mode the same as in standard mode with CURLOPT_SSL_VERIFYPEER of true. This issue affects LibreOffice before version 24.2.4. |
CVE-2024-5261
|
| VCID-4y7m-x49j-f3gg | security update |
CVE-2017-12608
|
| VCID-5j4w-jaa8-7kae | Multiple vulnerabilities have been found in OpenOffice and LibreOffice, the worst of which may result in execution of arbitrary code. |
CVE-2014-0247
|
| VCID-5rdw-edhu-qbhf | security update |
CVE-2019-9854
|
| VCID-6zer-5gyz-d7aa | libreoffice: Heap-buffer-overflow in HWPFile::TagsRead |
CVE-2017-7882
|
| VCID-71cy-5hgf-skdr | Multiple vulnerabilities have been found in LibreOffice, the worst of which allows for the remote execution of arbitrary code. |
CVE-2016-10327
|
| VCID-7du8-skt4-dkew | Multiple vulnerabilities have been found in both LibreOffice and OpenOffice allowing remote attackers to execute arbitrary code or cause Denial of Service. |
CVE-2015-1774
|
| VCID-7y9n-6x5a-k3eg | Multiple vulnerabilities have been found in LibreOffice, the worst of which could result in user-assisted code execution. |
CVE-2023-6186
|
| VCID-886d-gwa2-6bcf | security update |
CVE-2017-12607
|
| VCID-8yqv-n1gc-tqaz | LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from. LibreOffice also has a feature where documents can specify that pre-installed scripts can be executed on various document script events such as mouse-over, etc. Protection was added to block calling LibreLogo from script event handers. However a Windows 8.3 path equivalence handling flaw left LibreOffice vulnerable under Windows that a document could trigger executing LibreLogo via a Windows filename pseudonym. This issue affects: Document Foundation LibreOffice 6.2 versions prior to 6.2.7; 6.3 versions prior to 6.3.1. |
CVE-2019-9855
|
| VCID-91c1-yujx-zbft | libreoffice: Incorrect trust validation of signature with ambiguous KeyInfo children |
CVE-2021-25636
|
| VCID-acx5-dxzt-nqap | Multiple vulnerabilities have been found in OpenOffice and LibreOffice, the worst of which may result in execution of arbitrary code. |
CVE-2012-2665
|
| VCID-b13x-6q14-gfau | libreoffice: Timestamp Manipulation with Signature Wrapping |
CVE-2021-25634
|
| VCID-b79q-fg8n-vbf8 | When loading a document with Apache Open Office 4.1.5 and earlier with smaller end line termination than the operating system uses, the defect occurs. In this case OpenOffice runs into an Arithmetic Overflow at a string length calculation. |
CVE-2018-11790
|
| VCID-by33-ugtg-47hx | Multiple vulnerabilities have been found in both LibreOffice and OpenOffice allowing remote attackers to execute arbitrary code or cause Denial of Service. |
CVE-2015-4551
|
| VCID-bywq-ypgf-xyae | A vulnerability has been discovered in LibreOffice which could result in arbitrary script execution via crafted links. |
CVE-2022-3140
|
| VCID-c1fx-u5yh-jucb | security update |
CVE-2019-9850
|
| VCID-c44v-29b9-tyd8 | LibreOffice: LibreOffice: Authentication Bypass leading to privilege escalation via bundled interpreter execution |
CVE-2025-14714
|
| VCID-drkj-da54-jfgd | Multiple vulnerabilities have been found in both LibreOffice and OpenOffice allowing remote attackers to execute arbitrary code or cause Denial of Service. |
CVE-2014-3693
|
| VCID-dt65-hb25-t7ck | libreoffice: 'stealth mode' remote resource restrictions bypass |
CVE-2020-12802
|
| VCID-e911-8nez-yfb7 | libreoffice: Arbitrary file disclosure in Calc and Writer |
CVE-2017-3157
|
| VCID-ghfh-sgdt-yybw | libreoffice: Content Manipulation with Certificate Validation Attack |
CVE-2021-25635
|
| VCID-heyv-v6k9-jke9 | libreoffice: multiple null pointer dereference flaws |
CVE-2012-4233
|
| VCID-hnaa-96w8-3uhu | libreoffice: Execution of Untrusted Macros Due to Improper Certificate Validation |
CVE-2022-26305
|
| VCID-jew4-uq9k-93b3 | libreoffice: Empty entry in Java class path |
CVE-2022-38745
|
| VCID-jmtk-qy9f-z3hu | security update |
CVE-2018-10120
|
| VCID-jst3-88yh-mbh7 | libreoffice: Heap-buffer-overflow in SVMConverter::ImplConvertFromSVM1 |
CVE-2017-7856
|
| VCID-k36c-4eyp-p7hq | Multiple vulnerabilities have been found in LibreOffice, the worst of which could result in the arbitrary execution of code. |
CVE-2019-9848
|
| VCID-k3cz-81fc-sbg7 | Multiple vulnerabilities have been found in both LibreOffice and OpenOffice, the worst of which allows for the remote execution of arbitrary code. |
CVE-2016-4324
|
| VCID-k6mn-jky6-wqg2 | Multiple vulnerabilities have been found in LibreOffice, the worst of which could result in user-assisted code execution. |
CVE-2024-12425
|
| VCID-kx13-c2d7-nke3 | libreoffice: Macro URL arbitrary script execution |
CVE-2025-1080
|
| VCID-ma9t-qst9-xbcm | libreoffice: Ability to trust not validated macro signatures removed in high security mode |
CVE-2024-6472
|
| VCID-mfqa-v61r-gqcb | Multiple vulnerabilities have been found in LibreOffice, the worst of which allows for the remote execution of arbitrary code. |
CVE-2017-7870
|
| VCID-n34y-vynb-qbae | libreoffice: Weak Master Keys |
CVE-2022-26307
|
| VCID-nffq-52a8-3yg9 | In the LibreOffice 7-1 series in versions prior to 7.1.2, and in the 7-0 series in versions prior to 7.0.5, the denylist can be circumvented by manipulating the link so it doesn't match the denylist but results in ShellExecute attempting to launch an executable type. |
CVE-2021-25631
|
| VCID-pc43-5jvh-fbe2 | security update |
CVE-2019-9852
|
| VCID-pkz4-5wxb-5qdc | Multiple vulnerabilities have been found in LibreOffice, the worst of which could result in the arbitrary execution of code. |
CVE-2019-9849
|
| VCID-qk3g-3v3d-pqcb | Multiple vulnerabilities have been found in OpenOffice and LibreOffice, the worst of which may result in execution of arbitrary code. |
CVE-2012-1149
|
| VCID-qt46-94xf-eyaz | security update |
CVE-2018-16858
|
| VCID-r8k2-18at-6ygp | libreoffice: NULL pointer dereference when parsing certain DOCM documents |
CVE-2013-4156
|
| VCID-r9rr-pmtt-5ycm | libreoffice: Executable hyperlink Windows path targets executed unconditionally on activation |
CVE-2025-0514
|
| VCID-rcfd-vww8-b7hz | Multiple vulnerabilities have been found in OpenOffice and LibreOffice, the worst of which may result in execution of arbitrary code. |
CVE-2012-2334
|
| VCID-re5e-qp85-ybdd | libreoffice: Content Manipulation with Double Certificate Attack |
CVE-2021-25633
|
| VCID-rg7y-m6nm-m7df | libreoffice: Use of realpath() in desktop/unx/source/start.c:get_app_path() allows for potential buffer overflow |
CVE-2018-14939
|
| VCID-rgnx-vba7-c7ay | libreoffice: Out-of-bounds write in the WW8Fonts::WW8Fonts functionality |
CVE-2017-9806
|
| VCID-sega-433y-v7bb | security update |
CVE-2019-9851
|
| VCID-sm5e-dqg4-r3br | filter): Multiple stack buffer overflows when processing certain LWP files (VU#953183) |
CVE-2011-2685
|
| VCID-sqwy-enu1-1uep | security update |
CVE-2018-10119
|
| VCID-txaq-r51k-k3gn | Multiple vulnerabilities have been found in both LibreOffice and OpenOffice allowing remote attackers to execute arbitrary code or cause Denial of Service. |
CVE-2015-5212
|
| VCID-u1ry-xuyn-77fm | Multiple vulnerabilities have been discovered in LibreOffice, the worst of which could lead to code execution. |
CVE-2023-0950
|
| VCID-u2z4-zcay-uufy | Multiple vulnerabilities have been found in both LibreOffice and OpenOffice allowing remote attackers to execute arbitrary code or cause Denial of Service. |
CVE-2015-5214
|
| VCID-u6wr-a1wv-byax | libreoffice: improper digital signature invalidation vulnerability |
CVE-2024-7788
|
| VCID-us6f-vsb9-83ck | A vulnerability in LibreOffice might allow remote attackers to read arbitrary files. |
CVE-2018-6871
|
| VCID-w6ze-2zem-p3ev | Multiple vulnerabilities have been found in LibreOffice, the worst of which could result in user-assisted code execution. |
CVE-2024-12426
|
| VCID-xe1u-3snm-bka7 | security update |
CVE-2016-0795
|
| VCID-xkby-5yru-97gd | LibreOffice: PDF signature forgery with adbe.pkcs7.sha1 SubFilter |
CVE-2025-2866
|
| VCID-xr5b-gdek-kqgy | Apache OpenOffice opens dBase/DBF documents and shows the contents as spreadsheets. DBF are database files with data organized in fields. When reading DBF data the size of certain fields is not checked: the data is just copied into local variables. A carefully crafted document could overflow the allocated space, leading to the execution of arbitrary code by altering the contents of the program stack. This issue affects Apache OpenOffice up to and including version 4.1.10 |
CVE-2021-33035
|
| VCID-y2ja-v9xa-k7af | libreoffice: forms allowed to be submitted to any URI could result in local file overwrite |
CVE-2020-12803
|
| VCID-yfrn-ay4p-t7cp | security update |
CVE-2016-0794
|
| VCID-yg74-q3xa-tkcx | Multiple vulnerabilities have been found in both LibreOffice and OpenOffice allowing remote attackers to execute arbitrary code or cause Denial of Service. |
CVE-2015-5213
|
| VCID-yzgn-avaw-akcn | Multiple vulnerabilities have been found in OpenOffice and LibreOffice, the worst of which may result in execution of arbitrary code. |
CVE-2011-2713
|
| VCID-z8wr-nnv1-euhx | A vulnerability in LibreOffice hyperlink processing allows an attacker to construct documents containing hyperlinks pointing to the location of an executable on the target users file system. If the hyperlink is activated by the victim the executable target is unconditionally launched. Under Windows and macOS when processing a hyperlink target explicitly activated by the user there was no judgment made on whether the target was an executable file, so such executable targets were launched unconditionally. This issue affects: All LibreOffice Windows and macOS versions prior to 6.1.6; LibreOffice Windows and macOS versions in the 6.2 series prior to 6.2.3. |
CVE-2019-9847
|
| VCID-zh9v-egc2-ufc5 | Multiple vulnerabilities have been discovered in LibreOffice, the worst of which could lead to code execution. |
CVE-2023-2255
|