Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): LibreOffice
- Search Type: Search All
- Match: Exact
- CPE Name Search: false
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2019-9852 |
LibreOffice has a feature where documents can specify that pre-installed macros can be executed on various script events such as mouse-over, document-open etc. Access is intended to be restricted to scripts under the share/Scripts/python, user/Scripts/python sub-directories of the LibreOffice install. Protection was added, to address CVE-2018-16858, to avoid a directory traversal attack where scripts in arbitrary locations on the file system could be executed. However this new protection could be bypassed by a URL encoding attack. In the fixed versions, the parsed url describing the script location is correctly encoded before further processing. This issue affects: Document Foundation LibreOffice versions prior to 6.2.6. Published: August 15, 2019; 6:15:22 PM -0400 |
V3.1: 7.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2019-9851 |
LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from. Protection was added, to address CVE-2019-9848, to block calling LibreLogo from document event script handers, e.g. mouse over. However LibreOffice also has a separate feature where documents can specify that pre-installed scripts can be executed on various global script events such as document-open, etc. In the fixed versions, global script event handlers are validated equivalently to document script event handlers. This issue affects: Document Foundation LibreOffice versions prior to 6.2.6. Published: August 15, 2019; 6:15:22 PM -0400 |
V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2019-9850 |
LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from. LibreOffice also has a feature where documents can specify that pre-installed scripts can be executed on various document script events such as mouse-over, etc. Protection was added, to address CVE-2019-9848, to block calling LibreLogo from script event handers. However an insufficient url validation vulnerability in LibreOffice allowed malicious to bypass that protection and again trigger calling LibreLogo from script event handlers. This issue affects: Document Foundation LibreOffice versions prior to 6.2.6. Published: August 15, 2019; 6:15:22 PM -0400 |
V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2019-9849 |
LibreOffice has a 'stealth mode' in which only documents from locations deemed 'trusted' are allowed to retrieve remote resources. This mode is not the default mode, but can be enabled by users who want to disable LibreOffice's ability to include remote resources within a document. A flaw existed where bullet graphics were omitted from this protection prior to version 6.2.5. This issue affects: Document Foundation LibreOffice versions prior to 6.2.5. Published: July 17, 2019; 8:15:10 AM -0400 |
V3.1: 4.3 MEDIUM V2.0: 4.0 MEDIUM |
CVE-2019-9848 |
LibreOffice has a feature where documents can specify that pre-installed scripts can be executed on various document events such as mouse-over, etc. LibreOffice is typically also bundled with LibreLogo, a programmable turtle vector graphics script, which can be manipulated into executing arbitrary python commands. By using the document event feature to trigger LibreLogo to execute python contained within a document a malicious document could be constructed which would execute arbitrary python commands silently without warning. In the fixed versions, LibreLogo cannot be called from a document event handler. This issue affects: Document Foundation LibreOffice versions prior to 6.2.5. Published: July 17, 2019; 8:15:10 AM -0400 |
V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2019-9847 |
A vulnerability in LibreOffice hyperlink processing allows an attacker to construct documents containing hyperlinks pointing to the location of an executable on the target users file system. If the hyperlink is activated by the victim the executable target is unconditionally launched. Under Windows and macOS when processing a hyperlink target explicitly activated by the user there was no judgment made on whether the target was an executable file, so such executable targets were launched unconditionally. This issue affects: All LibreOffice Windows and macOS versions prior to 6.1.6; LibreOffice Windows and macOS versions in the 6.2 series prior to 6.2.3. Published: May 09, 2019; 10:29:00 AM -0400 |
V3.0: 7.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2018-16858 |
It was found that libreoffice before versions 6.0.7 and 6.1.3 was vulnerable to a directory traversal attack which could be used to execute arbitrary macros bundled with a document. An attacker could craft a document, which when opened by LibreOffice, would execute a Python method from a script in any arbitrary file system location, specified relative to the LibreOffice install location. Published: March 25, 2019; 2:29:00 PM -0400 |
V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2018-14939 |
The get_app_path function in desktop/unx/source/start.c in LibreOffice through 6.0.5 mishandles the realpath function in certain environments such as FreeBSD libc, which might allow attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact if LibreOffice is automatically launched during web browsing with pathnames controlled by a remote web site. Published: August 05, 2018; 2:29:00 PM -0400 |
V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2018-10583 |
An information disclosure vulnerability occurs when LibreOffice 6.0.3 and Apache OpenOffice Writer 4.1.5 automatically process and initiate an SMB connection embedded in a malicious file, as demonstrated by xlink:href=file://192.168.0.2/test.jpg within an office:document-content element in a .odt XML document. Published: May 01, 2018; 12:29:00 PM -0400 |
V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2018-10120 |
The SwCTBWrapper::Read function in sw/source/filter/ww8/ww8toolbar.cxx in LibreOffice before 5.4.6.1 and 6.x before 6.0.2.1 does not validate a customizations index, which allows remote attackers to cause a denial of service (heap-based buffer overflow with write access) or possibly have unspecified other impact via a crafted document that contains a certain Microsoft Word record. Published: April 16, 2018; 5:58:10 AM -0400 |
V3.0: 7.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2018-10119 |
sot/source/sdstor/stgstrms.cxx in LibreOffice before 5.4.5.1 and 6.x before 6.0.1.1 uses an incorrect integer data type in the StgSmallStrm class, which allows remote attackers to cause a denial of service (use-after-free with write access) or possibly have unspecified other impact via a crafted document that uses the structured storage ole2 wrapper file format. Published: April 16, 2018; 5:58:10 AM -0400 |
V3.0: 7.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2018-6871 |
LibreOffice before 5.4.5 and 6.x before 6.0.1 allows remote attackers to read arbitrary files via =WEBSERVICE calls in a document, which use the COM.MICROSOFT.WEBSERVICE function. Published: February 09, 2018; 1:29:00 AM -0500 |
V3.0: 9.8 CRITICAL V2.0: 5.0 MEDIUM |
CVE-2017-14226 |
WP1StylesListener.cpp, WP5StylesListener.cpp, and WP42StylesListener.cpp in libwpd 0.10.1 mishandle iterators, which allows remote attackers to cause a denial of service (heap-based buffer over-read in the WPXTableList class in WPXTable.cpp). This vulnerability can be triggered in LibreOffice before 5.3.7. It may lead to suffering a remote attack against a LibreOffice application. Published: September 09, 2017; 4:29:00 AM -0400 |
V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2017-8358 |
LibreOffice before 2017-03-17 has an out-of-bounds write caused by a heap-based buffer overflow related to the ReadJPEG function in vcl/source/filter/jpeg/jpegc.cxx. Published: April 30, 2017; 1:59:00 PM -0400 |
V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2017-7882 |
LibreOffice before 2017-03-14 has an out-of-bounds write related to the HWPFile::TagsRead function in hwpfilter/source/hwpfile.cxx. Published: April 15, 2017; 12:59:00 PM -0400 |
V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2017-7870 |
LibreOffice before 2017-01-02 has an out-of-bounds write caused by a heap-based buffer overflow related to the tools::Polygon::Insert function in tools/source/generic/poly.cxx. Published: April 14, 2017; 12:59:00 AM -0400 |
V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2017-7856 |
LibreOffice before 2017-03-11 has an out-of-bounds write caused by a heap-based buffer overflow in the SVMConverter::ImplConvertFromSVM1 function in vcl/source/gdi/svmconverter.cxx. Published: April 14, 2017; 12:59:00 AM -0400 |
V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2016-10327 |
LibreOffice before 2016-12-22 has an out-of-bounds write caused by a heap-based buffer overflow related to the EnhWMFReader::ReadEnhWMF function in vcl/source/filter/wmf/enhwmf.cxx. Published: April 14, 2017; 12:59:00 AM -0400 |
V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2016-4324 |
Use-after-free vulnerability in LibreOffice before 5.1.4 allows remote attackers to execute arbitrary code via a crafted RTF file, related to stylesheet and superscript tokens. Published: July 08, 2016; 3:59:00 PM -0400 |
V3.0: 7.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2016-0795 |
LibreOffice before 5.0.5 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted LwpTocSuperLayout record in a LotusWordPro (lwp) document. Published: February 18, 2016; 4:59:02 PM -0500 |
V3.0: 7.8 HIGH V2.0: 9.3 HIGH |