Debian Libreoffice vulnerabilities

74 known vulnerabilities affecting debian/libreoffice.

Total CVEs: 74
CISA KEV: 0
Public exploits: 5
Exploited in wild: 0
Severity breakdown: CRITICAL 8, HIGH 32, MEDIUM 13, LOW 21

Vulnerabilities

Page 1 of 4
CVE-2025-1080 | HIGH | CVSS 7.2 | fixed in libreoffice 4:7.4.7-1+deb12u7 (bookworm) | 2025
[HIGH] libreoffice: LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. An additional scheme 'vnd.libreoffice.command' specific to LibreOffice was added. In the affected versions of LibreOffice a link in a browser using that scheme could be constructed with an embedded inner URL that when passed to LibreOffice could call int

CVE-2025-14714 | LOW | CVSS 0.9 | 2025
[LOW] libreoffice: An Authentication Bypass vulnerability existed where the application bundled an interpreter (Python) that inherits the Transparency, Consent, and Control (TCC) permissions granted by the user to the main application bundle. By executing the bundled interpreter directly the attacker's scripts run with the application's TCC privileges. In fixed versions parent-constr

CVE-2025-2866 | LOW | CVSS 2.4 | fixed in libreoffice 4:7.4.7-1+deb12u8 (bookworm) | 2025
[LOW] libreoffice: Improper Verification of Cryptographic Signature vulnerability in LibreOffice allows PDF Signature Spoofing by Improper Validation. In the affected versions of LibreOffice a flaw in the verification code for adbe.pkcs7.sha1 signatures could cause invalid signatures to be accepted as valid. This issue affects LibreOffice: from 24.8 before < 24.8.6, from 25.2 before <

CVE-2025-0514 | LOW | CVSS 7.2 | 2025
[HIGH] libreoffice: Improper Input Validation vulnerability in The Document Foundation LibreOffice allows Windows Executable hyperlink targets to be executed unconditionally on activation. This issue affects LibreOffice: from 24.8 before < 24.8.5. Scope: local. bookworm: resolved; bullseye: resolved; forky: resolved; sid: resolved; trixie: resolved

CVE-2024-7788 | HIGH | CVSS 7.8 | fixed in libreoffice 4:7.4.7-1+deb12u5 (bookworm) | 2024
[HIGH] libreoffice: Improper Digital Signature Invalidation vulnerability in Zip Repair Mode of The Document Foundation LibreOffice allows Signature forgery vulnerability in LibreOffice. This issue affects LibreOffice: from 24.2 before < 24.2.5. Scope: local. bookworm: resolved (fixed in 4:7.4.7-1+deb12u5); bullseye: resolved (fixed in 1:7.0.4-4+deb11u11); forky: resolved (fixed in 4:24.2

CVE-2024-6472 | HIGH | CVSS 7.8 | fixed in libreoffice 4:7.4.7-1+deb12u4 (bookworm) | 2024
[HIGH] libreoffice: Certificate Validation user interface in LibreOffice allows potential vulnerability. Signed macros are scripts that have been digitally signed by the developer using a cryptographic signature. When a document with a signed macro is opened a warning is displayed by LibreOffice before the macro is executed. Previously if verification failed the user could fail to un

CVE-2024-12426 | MEDIUM | CVSS 6.7 | fixed in libreoffice 4:7.4.7-1+deb12u6 (bookworm) | 2024
[MEDIUM] libreoffice: Exposure of Environmental Variables and arbitrary INI file values to an Unauthorized Actor vulnerability in The Document Foundation LibreOffice. URLs could be constructed which expanded environmental variables or INI file values, so potentially sensitive information could be exfiltrated to a remote server on opening a document containing such links. This issue

CVE-2024-3044 | MEDIUM | CVSS 6.5 | fixed in libreoffice 4:7.4.7-1+deb12u2 (bookworm) | 2024
[MEDIUM] libreoffice: Unchecked script execution in Graphic on-click binding in affected LibreOffice versions allows an attacker to create a document which without prompt will execute scripts built-into LibreOffice on clicking a graphic. Such scripts were previously deemed trusted but are now deemed untrusted. Scope: local. bookworm: resolved (fixed in 4:7.4.7-1+deb12u2); bullseye: res

CVE-2024-12425 | LOW | CVSS 2.4 | fixed in libreoffice 4:7.4.7-1+deb12u6 (bookworm) | 2024
[LOW] libreoffice: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in The Document Foundation LibreOffice allows Absolute Path Traversal. An attacker can write to arbitrary locations, albeit suffixed with ".ttf", by supplying a file in a format that supports embedded font files. This issue affects LibreOffice: from 24.8 before < 24.8.4.

CVE-2024-5261 | LOW | CVSS 10.0 | fixed in libreoffice 4:24.2.4-1 (forky) | 2024
[CRITICAL] libreoffice: Improper Certificate Validation vulnerability in LibreOffice "LibreOfficeKit" mode disables TLS certification verification. LibreOfficeKit can be used for accessing LibreOffice functionality through C/C++. Typically this is used by third party components to reuse LibreOffice as a library to convert, view or otherwise interact with documents. LibreOffice interna

CVE-2023-0950 | HIGH | CVSS 7.8 | fixed in libreoffice 4:7.4.5-3 (bookworm) | 2023
[HIGH] libreoffice: Improper Validation of Array Index vulnerability in the spreadsheet component of The Document Foundation LibreOffice allows an attacker to craft a spreadsheet document that will cause an array index underflow when loaded. In the affected versions of LibreOffice certain malformed spreadsheet formulas, such as AGGREGATE, could be created with less parameters passed

CVE-2023-6185 | HIGH | CVSS 8.3 | fixed in libreoffice 4:7.4.7-1+deb12u1 (bookworm) | 2023
[HIGH] libreoffice: Improper Input Validation vulnerability in GStreamer integration of The Document Foundation LibreOffice allows an attacker to execute arbitrary GStreamer plugins. In affected versions the filename of the embedded video is not sufficiently escaped when passed to GStreamer enabling an attacker to run arbitrary gstreamer plugins depending on what plugins are installe

CVE-2023-6186 | HIGH | CVSS 8.3 | fixed in libreoffice 4:7.4.7-1+deb12u1 (bookworm) | 2023
[HIGH] libreoffice: Insufficient macro permission validation of The Document Foundation LibreOffice allows an attacker to execute built-in macros without warning. In affected versions LibreOffice supports hyperlinks with macro or similar built-in command targets that can be executed when activated without warning the user. Scope: local. bookworm: resolved (fixed in 4:7.4.7-1+deb12u1)

CVE-2023-2255 | MEDIUM | CVSS 5.3 | fixed in libreoffice 4:7.4.5-3 (bookworm) | 2023
[MEDIUM] libreoffice: Improper access control in editor components of The Document Foundation LibreOffice allowed an attacker to craft a document that would cause external links to be loaded without prompt. In the affected versions of LibreOffice documents that used "floating frames" linked to external files, would load the contents of those frames without prompting the user for perm

CVE-2022-38745 | HIGH | CVSS 7.8 | fixed in libreoffice 1:7.3.1-1 (bookworm) | 2022
[HIGH] libreoffice: Apache OpenOffice versions before 4.1.14 may be configured to add an empty entry to the Java class path. This may lead to run arbitrary Java code from the current directory. Scope: local. bookworm: resolved (fixed in 1:7.3.1-1); bullseye: resolved (fixed in 1:7.0.4-4+deb11u6); forky: resolved (fixed in 1:7.3.1-1); sid: resolved (fixed in 1:7.3.1-1); trixie: resolved

CVE-2022-26305 | HIGH | CVSS 7.5 | fixed in libreoffice 1:7.3.2~rc2-1 (bookworm) | 2022
[HIGH] libreoffice: An Improper Certificate Validation vulnerability in LibreOffice existed where determining if a macro was signed by a trusted author was done by only matching the serial number and issuer string of the used certificate with that of a trusted certificate. This is not sufficient to verify that the macro was actually signed with the certificate. An adversary could t

CVE-2022-26306 | HIGH | CVSS 7.5 | fixed in libreoffice 1:7.3.3~rc1-2 (bookworm) | 2022
[HIGH] libreoffice: LibreOffice supports the storage of passwords for web connections in the user’s configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw in LibreOffice existed where the required initialization vector for encryption was always the same which weakens the security of the encryption making them vulnerable if a

CVE-2022-26307 | HIGH | CVSS 8.8 | fixed in libreoffice 1:7.3.3~rc1-2 (bookworm) | 2022
[HIGH] libreoffice: LibreOffice supports the storage of passwords for web connections in the user’s configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw in LibreOffice existed where master key was poorly encoded resulting in weakening its entropy from 128 to 43 bits making the stored passwords vulnerable to a brute force at

CVE-2022-3140 | MEDIUM | CVSS 6.3 | fixed in libreoffice 1:7.4.1~rc2-3 (bookworm) | 2022
[MEDIUM] libreoffice: LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. An additional scheme 'vnd.libreoffice.command' specific to LibreOffice was added. In the affected versions of LibreOffice links using that scheme could be constructed to call internal macros with arbitrary arguments. Which when clicked on, or activated

CVE-2021-33035 | HIGH | CVSS 7.8 | fixed in libreoffice 1:4.3.1-1 (bookworm) | 2021
[HIGH] libreoffice: Apache OpenOffice opens dBase/DBF documents and shows the contents as spreadsheets. DBF are database files with data organized in fields. When reading DBF data the size of certain fields is not checked: the data is just copied into local variables. A carefully crafted document could overflow the allocated space, leading to the execution of arbitrary code by alte