2923 matches found
CVE-2026-42591
Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.32.0, the LibreOffice conversion endpoint /forms/libreoffice/convert passes uploaded documents directly to LibreOffice without inspecting their content. LibreOffice then fetches any embedded external URLs on its own, completely...
Spree: CSV Formula Injection in Customer Export
Summary CSV formula injection also known as formula injection or CSV injection affects customer export. User-controlled values customer names, email addresses, and shipping addresses. When an administrator opens a crafted Export in Microsoft Excel or LibreOffice Calc, formulas embedded in user da...
Ubuntu 25.10 / 26.04 LTS : LibreOffice vulnerability (USN-8352-1)
The remote Ubuntu 25.10 / 26.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-8352-1 advisory. Duc Anh Nguyen discovered that LibreOffice incorrectly handled mismatched encryption salt parameters in crafted OOXML documents. An attacker could use thi...
USN-8352-1: LibreOffice vulnerability
Duc Anh Nguyen discovered that LibreOffice incorrectly handled mismatched encryption salt parameters in crafted OOXML documents. An attacker could use this issue to cause LibreOffice to crash, resulting in a denial of service, or possibly execute arbitrary code...
USN-8352-1 libreoffice vulnerability
Duc Anh Nguyen discovered that LibreOffice incorrectly handled mismatched encryption salt parameters in crafted OOXML documents. An attacker could use this issue to cause LibreOffice to crash, resulting in a denial of service, or possibly execute arbitrary code...
Ubuntu 22.04 LTS / 24.04 LTS : LibreOffice vulnerability (USN-8340-1)
The remote Ubuntu 22.04 LTS / 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-8340-1 advisory. Duc Anh Nguyen discovered that LibreOffice incorrectly handled mismatched encryption salt parameters in crafted OOXML documents. An attacker could use...
USN-8340-1: LibreOffice vulnerability
Duc Anh Nguyen discovered that LibreOffice incorrectly handled mismatched encryption salt parameters in crafted OOXML documents. An attacker could use this issue to cause LibreOffice to crash, resulting in a denial of service, or possibly execute arbitrary code...
USN-8340-1 libreoffice vulnerability
Duc Anh Nguyen discovered that LibreOffice incorrectly handled mismatched encryption salt parameters in crafted OOXML documents. An attacker could use this issue to cause LibreOffice to crash, resulting in a denial of service, or possibly execute arbitrary code...
Amazon Linux 2 : libreoffice, --advisory ALAS2LIBREOFFICE-2026-008 (ALASLIBREOFFICE-2026-008)
The version of libreoffice installed on the remote host is prior to 5.3.6.1-21. It is, therefore, affected by a vulnerability as referenced in the ALAS2LIBREOFFICE-2026-008 advisory. NOTE: https://www.libreoffice.org/security/cve-2026-4430NOTE:...
Important: libreoffice
Issue Overview: NOTE: https://www.libreoffice.org/security/cve-2026-4430 NOTE: https://git.libreoffice.org/core/+/1ec3db717fa144ddff3e9b0a2338a82355cf365b CVE-2026-4430 Affected Packages: libreoffice Note: This advisory is applicable to Amazon Linux 2 - Libreoffice Extra. Visit this page to learn...
Astra Linux - уязвимость в libreoffice
There was an improper certificate validation vulnerability in LibreOffice, where the determination of whether a macro was signed by a trusted author was based solely on comparing the serial number and issuer string of the used certificate with those of a trusted certificate. This is insufficient ...
Astra Linux - уязвимость в libreoffice
An improper limitation of a pathname to a restricted directory “Path Traversal” vulnerability exists in The Document Foundation LibreOffice. This vulnerability allows for absolute path traversal. An attacker can write to arbitrary locations, even those prefixed with “.ttf”, by providing a file in...
Astra Linux - уязвимость в libreoffice
Exposure of environmental variables and arbitrary INI file values to unauthorized actors is a vulnerability in The Document Foundation LibreOffice. URLs that expand environmental variables or INI file values may lead to potentially sensitive information being exfiltrated to a remote server upon...
Astra Linux - уязвимость в libreoffice
LibreOffice supports digital signatures for ODF documents and macros within documents. It provides visual indicators that confirm that the document has not been altered since the last signature, and that the signature is valid. A vulnerability in certificate validation in LibreOffice allowed...
Astra Linux - уязвимость в libreoffice
LibreOffice supports digital signatures for ODF documents and macros within documents. It provides visual aids to indicate that the document has not been altered since the last signature, and that the signature is valid. A vulnerability in certificate validation in LibreOffice allowed attackers t...
Astra Linux - уязвимость в libreoffice
LibreOffice supports the storage of passwords for web connections in the user’s configuration database. The stored passwords are encrypted using a single master key provided by the user. There was a flaw in LibreOffice where the required initialization vector for encryption was always the same,...
Astra Linux - уязвимость в libreoffice
LibreOffice supports the storage of passwords for web connections in the user’s configuration database. The stored passwords are encrypted using a single master key provided by the user. There was a flaw in LibreOffice where the master key was poorly encoded, resulting in a reduction in its entro...
CVE-2026-4430
A flaw was found in LibreOffice. A remote attacker could exploit this out-of-bounds write vulnerability by tricking a user into opening a specially crafted OOXML Office Open XML document with mismatched encryption salt parameters. This could lead to a denial of service DoS, making the application...
Updated libreoffice packages fix security vulnerability
Heap Buffer Overflow in AgileEngine. CVE-2026-4430...
MGASA-2026-0141 Updated libreoffice packages fix security vulnerability
Heap Buffer Overflow in AgileEngine. CVE-2026-4430...