The Document Foundation LibreOffice vulnerabilities

26 known vulnerabilities affecting the_document_foundation/libreoffice.

Total CVEs: 26
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 14, MEDIUM 8, LOW 3

Vulnerabilities

Page 1 of 2
CVE-2025-14714 | LOW | CVSS 0.9 | CWE-288 | ≥ 25.2, < 25.2.4 | 2025-12-15
An Authentication Bypass vulnerability existed where the application bundled an interpreter (Python) that inherits the Transparency, Consent, and Control (TCC) permissions granted by the user to the main application bundle. By executing the bundled interpreter directly, the attacker's scripts run with the application's TCC privileges. In fixed version
cvelistv5, nvd
CVE-2025-2866 | LOW | CVSS 2.4 | CWE-347 | ≥ 24.8, < 24.8.6; ≥ 25.2, < 25.2.2 | 2025-04-27
Improper Verification of Cryptographic Signature vulnerability in LibreOffice allows PDF Signature Spoofing by Improper Validation. In the affected versions of LibreOffice a flaw in the verification code for adbe.pkcs7.sha1 signatures could cause invalid signatures to be accepted as valid. This issue affects LibreOffice: from 24.8 before 24.8.6, fro
cvelistv5, nvd
CVE-2021-25635 | MEDIUM | CVSS 5.2 | CWE-295 | ≥ 7.0, < 7.0.5; ≥ 7.1, < 7.1.1 | 2025-03-21
Content Manipulation with Certificate Validation Attack
An Improper Certificate Validation vulnerability in LibreOffice allowed an attacker to self sign an ODF document, with a signature untrusted by the target, then modify it to change the signature algorithm to an invalid (or unknown to LibreOffice) algorithm and LibreOffice would incorrectly present such a signature with an unknown algorithm as a valid si
cvelistv5
CVE-2025-1080 | HIGH | CVSS 7.2 | CWE-20 | ≥ 24.8, < 24.8.5; ≥ 25.2, < 25.2.1 | 2025-03-04
LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. An additional scheme 'vnd.libreoffice.command' specific to LibreOffice was added. In the affected versions of LibreOffice a link in a browser using that scheme could be constructed with an embedded inner URL that when passed to LibreOffice coul
cvelistv5, nvd
CVE-2025-0514 | HIGH | CVSS 7.2 | CWE-20 | ≥ 24.8, < 24.8.5 | 2025-02-25
Improper Input Validation vulnerability in The Document Foundation LibreOffice allows Windows Executable hyperlink targets to be executed unconditionally on activation. This issue affects LibreOffice: from 24.8 before 24.8.5.
cvelistv5, nvd
CVE-2024-12426 | MEDIUM | CVSS 6.7 | CWE-200 | ≥ 24.8, < 24.8.4 | 2025-01-07
URL fetching can be used to exfiltrate arbitrary INI file values and environment variables
Exposure of Environmental Variables and arbitrary INI file values to an Unauthorized Actor vulnerability in The Document Foundation LibreOffice. URLs could be constructed which expanded environmental variables or INI file values, so potentially sensitive information could be exfiltr
cvelistv5
CVE-2024-12425 | LOW | CVSS 2.4 | CWE-22 | ≥ 24.8, < 24.8.4 | 2025-01-07
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in The Document Foundation LibreOffice allows Absolute Path Traversal. An attacker can write to arbitrary locations, albeit suffixed with ".ttf", by supplying a file in a format that supports embedded font files. This issue affects LibreOffice: from 24.8 befo
cvelistv5, nvd
CVE-2024-7788 | HIGH | CVSS 7.8 | CWE-347 | ≥ 24.2, < 24.2.5 | 2024-09-17
Improper Digital Signature Invalidation vulnerability in Zip Repair Mode of The Document Foundation LibreOffice allows Signature forgery vulnerability in LibreOffice. This issue affects LibreOffice: from 24.2 before 24.2.5.
cvelistv5, nvd
CVE-2024-6472 | HIGH | CVSS 7.8 | CWE-295 | ≥ 24.2, < 24.2.5 | 2024-08-05
Certificate Validation user interface in LibreOffice allows potential vulnerability. Signed macros are scripts that have been digitally signed by the developer using a cryptographic signature. When a document with a signed macro is opened a warning is displayed by LibreOffice before the macro is executed. Previously if verification failed the user co
cvelistv5, nvd
CVE-2024-5261 | CRITICAL | CVSS 10.0 | CWE-295 | ≥ 24.2, < 24.2.4 | 2024-06-25
Improper Certificate Validation vulnerability in LibreOffice "LibreOfficeKit" mode disables TLS certification verification. LibreOfficeKit can be used for accessing LibreOffice functionality through C/C++. Typically this is used by third party components to reuse LibreOffice as a library to convert, view or otherwise interact with documents. LibreO
cvelistv5, nvd
CVE-2024-3044 | MEDIUM | CVSS 6.5 | CWE-356 | ≥ 7.6, < 7.6.7; ≥ 24.2, < 24.2.3 | 2024-05-14
Unchecked script execution in Graphic on-click binding in affected LibreOffice versions allows an attacker to create a document which, without prompt, will execute scripts built into LibreOffice on clicking a graphic. Such scripts were previously deemed trusted but are now deemed untrusted.
cvelistv5, nvd
CVE-2023-6185 | HIGH | CVSS 8.8 | ≥ 7.5, < 7.5.9; ≥ 7.6, < 7.6.3 | 2023-12-11
Improper Input Validation vulnerability in GStreamer integration of The Document Foundation LibreOffice allows an attacker to execute arbitrary GStreamer plugins. In affected versions the filename of the embedded video is not sufficiently escaped when passed to GStreamer, enabling an attacker to run arbitrary GStreamer plugins depending on what plugins are inst
cvelistv5, nvd
CVE-2023-6186 | HIGH | CVSS 8.8 | CWE-281 | ≥ 7.5, < 7.5.9; ≥ 7.6, < 7.6.4 | 2023-12-11
Insufficient macro permission validation of The Document Foundation LibreOffice allows an attacker to execute built-in macros without warning. In affected versions LibreOffice supports hyperlinks with macro or similar built-in command targets that can be executed when activated without warning the user.
cvelistv5, nvd
CVE-2023-0950 | HIGH | CVSS 7.8 | CWE-129 | ≥ 7.4, < 7.4.6; ≥ 7.5, < 7.5.1 | 2023-05-25
Improper Validation of Array Index vulnerability in the spreadsheet component of The Document Foundation LibreOffice allows an attacker to craft a spreadsheet document that will cause an array index underflow when loaded. In the affected versions of LibreOffice certain malformed spreadsheet formulas, such as AGGREGATE, could be created with less paramet
cvelistv5, nvd
CVE-2023-2255 | MEDIUM | CVSS 5.3 | CWE-264 | ≥ 7.4, < 7.4.7; ≥ 7.5, < 7.5.3 | 2023-05-25
Remote documents loaded without prompt via IFrame
Improper access control in editor components of The Document Foundation LibreOffice allowed an attacker to craft a document that would cause external links to be loaded without prompt. In the affected versions of LibreOffice, documents that used "floating frames" linked to external files would load the contents of those frames without prompting the user for permissi
cvelistv5
CVE-2022-3140 | MEDIUM | CVSS 6.3 | CWE-20 | ≥ 7.4, < 7.4.1; ≥ 7.3, < 7.3.6 | 2022-10-11
LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. An additional scheme 'vnd.libreoffice.command' specific to LibreOffice was added. In the affected versions of LibreOffice links using that scheme could be constructed to call internal macros with arbitrary arguments. Which when clicked on, or
cvelistv5, nvd
CVE-2022-26306 | HIGH | CVSS 7.5 | CWE-326 | ≥ 7.2, < 7.2.7; ≥ 7.3, < 7.3.1 | 2022-07-25
Execution of Untrusted Macros Due to Improper Certificate Validation
LibreOffice supports the storage of passwords for web connections in the user’s configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw in LibreOffice existed where the required initialization vector for encryption was always the same, which weakens the security of the encry
cvelistv5
CVE-2022-26305 | HIGH | CVSS 7.5 | CWE-295 | ≥ 7.2, < 7.2.7; ≥ 7.3, < 7.3.1 | 2022-07-25
An Improper Certificate Validation vulnerability in LibreOffice existed where determining if a macro was signed by a trusted author was done by only matching the serial number and issuer string of the used certificate with that of a trusted certificate. This is not sufficient to verify that the macro was actually signed with the certificate. An advers
cvelistv5, nvd
CVE-2022-26307 | HIGH | CVSS 8.8 | CWE-326 | ≥ 7.2, < 7.2.7; ≥ 7.3, < 7.3.3 | 2022-07-25
Weak Master Keys
LibreOffice supports the storage of passwords for web connections in the user’s configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw in LibreOffice existed where the master key was poorly encoded, resulting in weakening its entropy from 128 to 43 bits, making the stored passwords vulnerable to a brute force attack if an attacker has access to the user's stored config. This issue a
cvelistv5
CVE-2021-25636 | HIGH | CVSS 7.5 | CWE-347 | ≥ 7.2, < 7.2.5 | 2022-02-24
LibreOffice supports digital signatures of ODF documents and macros within documents, presenting visual aids that no alteration of the document occurred since the last signing and that the signature is valid. An Improper Certificate Validation vulnerability in LibreOffice allowed an attacker to create a digitally signed ODF document, by manipulating t
cvelistv5, nvd