
The Document Foundation LibreOffice vulnerabilities

26 known vulnerabilities affecting the_document_foundation/libreoffice.

Total CVEs: 26
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 13, MEDIUM 11, LOW 1

Vulnerabilities

Page 1 of 2
CVE-2023-6185 | P2 | HIGH | CVSS 8.8 | ≥ 7.5, < 7.5.9; ≥ 7.6, < 7.6.3 | 2023-12-11
CVE-2023-6185 [HIGH]: Improper Input Validation vulnerability in GStreamer integration of The Document Foundation LibreOffice allows an attacker to execute arbitrary GStreamer plugins. In affected versions the filename of the embedded video is not sufficiently escaped when passed to GStreamer enabling an attacker to run arbitrary gstreamer plugins depending on what plugins are inst
Source: NVD
CVE-2024-5261 | P3 | CRITICAL | CVSS 9.8 | ≥ 24.2, < 24.2.4 | 2024-06-25
CVE-2024-5261 [CRITICAL] CWE-295: Improper Certificate Validation vulnerability in LibreOffice "LibreOfficeKit" mode disables TLS certification verification. LibreOfficeKit can be used for accessing LibreOffice functionality through C/C++. Typically this is used by third party components to reuse LibreOffice as a library to convert, view or otherwise interact with documents. LibreO
Source: NVD
CVE-2023-6186 | P3 | HIGH | CVSS 8.8 | ≥ 7.5, < 7.5.9; ≥ 7.6, < 7.6.4 | 2023-12-11
CVE-2023-6186 [HIGH] CWE-281: Insufficient macro permission validation of The Document Foundation LibreOffice allows an attacker to execute built-in macros without warning. In affected versions LibreOffice supports hyperlinks with macro or similar built-in command targets that can be executed when activated without warning the user.
Source: NVD
CVE-2021-25631 | P3 | HIGH | CVSS 8.8 | ≥ 7.1, < 7.1.2; ≥ 7.0, < 7.0.5 | 2021-05-03
CVE-2021-25631 [HIGH] CWE-184: In the LibreOffice 7-1 series in versions prior to 7.1.2, and in the 7-0 series in versions prior to 7.0.5, the denylist can be circumvented by manipulating the link so it doesn't match the denylist but results in ShellExecute attempting to launch an executable type.
Source: NVD
CVE-2022-26305 | P3 | HIGH | CVSS 7.5 | ≥ 7.2, < 7.2.7; ≥ 7.3, < 7.3.1 | 2022-07-25
CVE-2022-26305 [HIGH] CWE-295: An Improper Certificate Validation vulnerability in LibreOffice existed where determining if a macro was signed by a trusted author was done by only matching the serial number and issuer string of the used certificate with that of a trusted certificate. This is not sufficient to verify that the macro was actually signed with the certificate. An advers
Source: NVD
CVE-2021-25636 | P3 | HIGH | CVSS 7.5 | ≥ 7.2, < 7.2.5 | 2022-02-24
CVE-2021-25636 [HIGH] CWE-347: LibreOffice supports digital signatures of ODF documents and macros within documents, presenting visual aids that no alteration of the document occurred since the last signing and that the signature is valid. An Improper Certificate Validation vulnerability in LibreOffice allowed an attacker to create a digitally signed ODF document, by manipulating t
Source: NVD
CVE-2022-3140 | P3 | MEDIUM | CVSS 6.3 | ≥ 7.4, < 7.4.1; ≥ 7.3, < 7.3.6 | 2022-10-11
CVE-2022-3140 [MEDIUM] CWE-20: LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. An additional scheme 'vnd.libreoffice.command' specific to LibreOffice was added. In the affected versions of LibreOffice links using that scheme could be constructed to call internal macros with arbitrary arguments. Which when clicked on, or
Source: NVD
CVE-2025-1080 | P3 | HIGH | CVSS 7.8 | ≥ 24.8, < 24.8.5; ≥ 25.2, < 25.2.1 | 2025-03-04
CVE-2025-1080 [HIGH] CWE-20: LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. An additional scheme 'vnd.libreoffice.command' specific to LibreOffice was added. In the affected versions of LibreOffice a link in a browser using that scheme could be constructed with an embedded inner URL that when passed to LibreOffice coul
Source: NVD
CVE-2023-0950 | P3 | HIGH | CVSS 7.8 | ≥ 7.4, < 7.4.6; ≥ 7.5, < 7.5.1 | 2023-05-25
CVE-2023-0950 [HIGH] CWE-129: Improper Validation of Array Index vulnerability in the spreadsheet component of The Document Foundation LibreOffice allows an attacker to craft a spreadsheet document that will cause an array index underflow when loaded. In the affected versions of LibreOffice certain malformed spreadsheet formulas, such as AGGREGATE, could be created with less paramet
Source: NVD
CVE-2026-8357 | P3 | HIGH | CVSS 7.8 | ≥ 26.2, < 26.2.4 | 2026-06-15
CVE-2026-8357 [HIGH] CWE-193: LibreOffice Calc compiles cell formulas when opening a spreadsheet. A heap buffer overflow existed when compiling a very long formula made up of many opening tokens. The array that tracks nesting depth was allocated one element too small for that worst case, so such a formula wrote one element past its end. In fixed versions the array is sized to hold t
Source: NVD
CVE-2026-4430 | P3 | HIGH | CVSS 7.8 | ≥ 26.2, < 26.2.3; ≥ 25.8, < 25.8.7 | 2026-05-07
CVE-2026-4430 [HIGH] CWE-787: Out-of-bounds write vulnerability in The Document Foundation LibreOffice via crafted OOXML documents with mismatched encryption salt parameters. This issue affects LibreOffice: from 26.2 before 26.2.3, from 25.8 before 25.8.7.
Source: NVD
CVE-2026-6040 | P3 | HIGH | CVSS 7.3 | ≥ 25.8, < 25.8.7; ≥ 26.2, < 26.2.3 | 2026-06-15
CVE-2026-6040 [HIGH] CWE-416: A heap use-after-free existed when importing the blank-width characters of an ODF number format. A position value read from the document was not checked against the length of the format-code string, so a malformed number format could be processed against memory outside that string. In fixed versions the position is bounds-checked before use.
Source: NVD
CVE-2024-6472 | P3 | HIGH | CVSS 7.8 | ≥ 24.2, < 24.2.5 | 2024-08-05
CVE-2024-6472 [HIGH] CWE-295: Certificate Validation user interface in LibreOffice allows potential vulnerability. Signed macros are scripts that have been digitally signed by the developer using a cryptographic signature. When a document with a signed macro is opened a warning is displayed by LibreOffice before the macro is executed. Previously if verification failed the user could
Source: NVD
CVE-2025-0514 | P3 | HIGH | CVSS 7.8 | ≥ 24.8, < 24.8.5 | 2025-02-25
CVE-2025-0514 [HIGH] CWE-20: Improper Input Validation vulnerability in The Document Foundation LibreOffice allows Windows Executable hyperlink targets to be executed unconditionally on activation. This issue affects LibreOffice: from 24.8 before < 24.8.5.
Source: NVD
CVE-2024-3044 | P3 | MEDIUM | CVSS 6.5 | ≥ 7.6, < 7.6.7; ≥ 24.2, < 24.2.3 | 2024-05-14
CVE-2024-3044 [MEDIUM] CWE-356: Unchecked script execution in Graphic on-click binding in affected LibreOffice versions allows an attacker to create a document which without prompt will execute scripts built-into LibreOffice on clicking a graphic. Such scripts were previously deemed trusted but are now deemed untrusted.
Source: NVD
CVE-2024-7788 | P4 | HIGH | CVSS 7.8 | ≥ 24.2, < 24.2.5 | 2024-09-17
CVE-2024-7788 [HIGH] CWE-347: Improper Digital Signature Invalidation vulnerability in Zip Repair Mode of The Document Foundation LibreOffice allows Signature forgery vulnerability in LibreOffice. This issue affects LibreOffice: from 24.2 before < 24.2.5.
Source: NVD
CVE-2020-12803 | P4 | MEDIUM | CVSS 6.5 | ≥ unspecified, < 6.4.4 | 2020-06-08
CVE-2020-12803 [MEDIUM] CWE-20: ODF documents can contain forms to be filled out by the user. Similar to HTML forms, the contained form data can be submitted to a URI, for example, to an external web server. To create submittable forms, ODF implements the XForms W3C standard, which allows data to be submitted without the need for macros or other active scripting. Prior to version 6.
Source: NVD
CVE-2025-14714 | P4 | MEDIUM | CVSS 6.5 | ≥ 25.2, < 25.2.4 | 2025-12-15
CVE-2025-14714 [MEDIUM] CWE-288: An Authentication Bypass vulnerability existed where the application bundled an interpreter (Python) that inherits the Transparency, Consent, and Control (TCC) permissions granted by the user to the main application bundle. By executing the bundled interpreter directly the attacker's scripts run with the application's TCC privileges. In fixed vers
Source: NVD
CVE-2020-12802 | P4 | MEDIUM | CVSS 5.3 | ≥ unspecified, < 6.4.4 | 2020-06-08
CVE-2020-12802 [MEDIUM] CWE-200: LibreOffice has a 'stealth mode' in which only documents from locations deemed 'trusted' are allowed to retrieve remote resources. This mode is not the default mode, but can be enabled by users who want to disable LibreOffice's ability to include remote resources within a document. A flaw existed where remote graphic links loaded from docx documents
Source: NVD
CVE-2020-12801 | P4 | MEDIUM | CVSS 5.3 | ≥ 6-3 series, < 6.3.6; ≥ 6-4 series, < 6.4.3 | 2020-05-18
CVE-2020-12801 [MEDIUM] CWE-311: If LibreOffice has an encrypted document open and crashes, that document is auto-saved encrypted. On restart, LibreOffice offers to restore the document and prompts for the password to decrypt it. If the recovery is successful, and if the file format of the recovered document was not LibreOffice's default ODF file format, then affected versions of L
Source: NVD