Libreoffice

Libreoffice

62 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2018-16858

Exploit
  • EPSS 92.58%
  • Published 25.03.2019 18:29:00
  • Last modified 21.11.2024 03:53:27

It was found that libreoffice before versions 6.0.7 and 6.1.3 was vulnerable to a directory traversal attack which could be used to execute arbitrary macros bundled with a document. An attacker could craft a document, which when opened by LibreOffice...

9.8

CVE-2018-14939

  • EPSS 0.53%
  • Published 05.08.2018 18:29:00
  • Last modified 21.11.2024 03:50:07

The get_app_path function in desktop/unx/source/start.c in LibreOffice through 6.0.5 mishandles the realpath function in certain environments such as FreeBSD libc, which might allow attackers to cause a denial of service (buffer overflow and applicat...

7.5

CVE-2018-10583

Exploit
  • EPSS 72.65%
  • Published 01.05.2018 16:29:00
  • Last modified 21.11.2024 03:41:36

An information disclosure vulnerability occurs when LibreOffice 6.0.3 and Apache OpenOffice Writer 4.1.5 automatically process and initiate an SMB connection embedded in a malicious file, as demonstrated by xlink:href=file://192.168.0.2/test.jpg with...

7.8

CVE-2018-10120

  • EPSS 0.15%
  • Published 16.04.2018 09:58:10
  • Last modified 21.11.2024 03:40:52

The SwCTBWrapper::Read function in sw/source/filter/ww8/ww8toolbar.cxx in LibreOffice before 5.4.6.1 and 6.x before 6.0.2.1 does not validate a customizations index, which allows remote attackers to cause a denial of service (heap-based buffer overfl...

7.8

CVE-2018-10119

  • EPSS 0.16%
  • Published 16.04.2018 09:58:10
  • Last modified 21.11.2024 03:40:52

sot/source/sdstor/stgstrms.cxx in LibreOffice before 5.4.5.1 and 6.x before 6.0.1.1 uses an incorrect integer data type in the StgSmallStrm class, which allows remote attackers to cause a denial of service (use-after-free with write access) or possib...

9.8

CVE-2018-6871

Exploit
  • EPSS 42.68%
  • Published 09.02.2018 06:29:00
  • Last modified 21.11.2024 04:11:20

LibreOffice before 5.4.5 and 6.x before 6.0.1 allows remote attackers to read arbitrary files via =WEBSERVICE calls in a document, which use the COM.MICROSOFT.WEBSERVICE function.

7.5

CVE-2017-14226

  • EPSS 1.72%
  • Published 09.09.2017 08:29:00
  • Last modified 20.04.2025 01:37:25

WP1StylesListener.cpp, WP5StylesListener.cpp, and WP42StylesListener.cpp in libwpd 0.10.1 mishandle iterators, which allows remote attackers to cause a denial of service (heap-based buffer over-read in the WPXTableList class in WPXTable.cpp). This vu...

9.8

CVE-2017-8358

  • EPSS 0.51%
  • Published 30.04.2017 17:59:00
  • Last modified 20.04.2025 01:37:25

LibreOffice before 2017-03-17 has an out-of-bounds write caused by a heap-based buffer overflow related to the ReadJPEG function in vcl/source/filter/jpeg/jpegc.cxx.

9.8

CVE-2017-7882

  • EPSS 1.22%
  • Published 15.04.2017 16:59:00
  • Last modified 20.04.2025 01:37:25

LibreOffice before 2017-03-14 has an out-of-bounds write related to the HWPFile::TagsRead function in hwpfilter/source/hwpfile.cxx.

9.8

CVE-2017-7870

  • EPSS 1.36%
  • Published 14.04.2017 04:59:00
  • Last modified 20.04.2025 01:37:25

LibreOffice before 2017-01-02 has an out-of-bounds write caused by a heap-based buffer overflow related to the tools::Polygon::Insert function in tools/source/generic/poly.cxx.