25 matches found
CVE-2026-4430 Heap Buffer Overflow in AgileEngine
Out-of-bounds write vulnerability in The Document Foundation LibreOffice via crafted OOXML documents with mismatched encryption salt parameters. This issue affects LibreOffice: from 26.2 before 26.2.3, from 25.8 before 25.8.7...
EUVD-2022-30868
Malicious code in bioql PyPI...
CVE-2024-7788 Signatures in "repair mode" should not be trusted
Improper Digital Signature Invalidation vulnerability in Zip Repair Mode of The Document Foundation LibreOffice allows Signature forgery vulnerability in LibreOffice. This issue affects LibreOffice: from 24.2 before 24.2.5...
RHEL 9 : libreoffice (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 9 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - libreoffice: Array index underflow in Calc formula parsing CVE-2023-0950 - Apache OpenOffice versions...
CVE-2023-36268
Rejected reason: DoS issues, or unexploitable crashes, are out of scope for vulnerabilities...
Rocky Linux 8 : libreoffice (RLSA-2024:1514)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:1514 advisory. - Improper Input Validation vulnerability in GStreamer integration of The Document Foundation LibreOffice allows an attacker to execute arbitrary...
CVE-2023-6185
Improper Input Validation vulnerability in GStreamer integration of The Document Foundation LibreOffice allows an attacker to execute arbitrary GStreamer plugins. In affected versions the filename of the embedded video is not sufficiently escaped when passed to GStreamer enabling an attacker to r...
CVE-2023-6186
CVE-2023-6186 affects LibreOffice. The vulnerability arises from insufficient macro permission validation, enabling certain built-in macros or internal commands to be executed when a user activates hyperlinks that target macros, without explicit user permission. Connected documents corroborate th...
CVE-2023-6186 Link targets allow arbitrary script execution
Insufficient macro permission validation of The Document Foundation LibreOffice allows an attacker to execute built-in macros without warning. In affected versions LibreOffice supports hyperlinks with macro or similar built-in command targets that can be executed when activated without warning th...
CVE-2023-6185
CVE-2023-6185 is an Improper Input Validation vulnerability in the GStreamer integration of LibreOffice that may allow an attacker to execute arbitrary GStreamer plugins by not escaping the embedded video filename passed to GStreamer. The issue affects LibreOffice and is discussed in multiple adv...
CVE-2023-6185 Improper input validation enabling arbitrary GStreamer pipeline injection
Improper Input Validation vulnerability in GStreamer integration of The Document Foundation LibreOffice allows an attacker to execute arbitrary GStreamer plugins. In affected versions the filename of the embedded video is not sufficiently escaped when passed to GStreamer enabling an attacker to r...
GLSA-202311-15 : LibreOffice: Multiple Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202311-15 LibreOffice: Multiple Vulnerabilities - Improper Validation of Array Index vulnerability in the spreadsheet component of The Document Foundation LibreOffice allows an attacker to craft a spreadsheet document that will...
Improper Validation
libreoffice is vulnerable to Improper Validation. The vulnerability exists in the spreadsheet component of The Document Foundation LibreOffice which allows an attacker to craft a spreadsheet document that will cause an array index underflow when loaded...
CVE-2023-0950
Improper Validation of Array Index vulnerability in the spreadsheet component of The Document Foundation LibreOffice allows an attacker to craft a spreadsheet document that will cause an array index underflow when loaded. In the affected versions of LibreOffice certain malformed spreadsheet...
CVE-2023-2255
Summary (CVE-2023-2255) : LibreOffice prior to 7.4.7 and 7.5.x prior to 7.5.3 suffers from improper access control in editor components, enabling a document to cause external links via floating frames to load content without user prompt. Multiple connected sources (Debian DSA-5415-1, Debian DLA-3...
CVE-2023-2255 Remote documents loaded without prompt via IFrame
Improper access control in editor components of The Document Foundation LibreOffice allowed an attacker to craft a document that would cause external links to be loaded without prompt. In the affected versions of LibreOffice documents that used "floating frames" linked to external files, would lo...
CVE-2023-2255
Improper access control in editor components of The Document Foundation LibreOffice allowed an attacker to craft a document that would cause external links to be loaded without prompt. In the affected versions of LibreOffice documents that used "floating frames" linked to external files, would lo...
LibreOffice Trust Management Issue Vulnerability (CNVD-2022-54898)
LibreOffice is an open source office software suite from The Document Foundation (TDF). The product includes applications such as Writer text documents, Calc spreadsheets, and Impress presentations. LibreOffice is vulnerable to a trust management issue. An attacker could use this vulnerability to...
CVE-2022-26305 Execution of Untrusted Macros Due to Improper Certificate Validation
An Improper Certificate Validation vulnerability in LibreOffice existed where determining if a macro was signed by a trusted author was done by only matching the serial number and issuer string of the used certificate with that of a trusted certificate. This is not sufficient to verify that the...
CVE-2022-26307
LibreOffice supports the storage of passwords for web connections in the user’s configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw in LibreOffice existed where the master key was poorly encoded resulting in weakening its entropy from 128 t...