Product
libreoffice
71 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2026-4430
>= 25.8.0.0 and < 25.8.7.0
Out-of-bounds write vulnerability in The Document Foundation LibreOffice via crafted OOXML documents with mismatched encryption sa
7.8
HIGH
CVE-2025-14714
>= 25.2.0.1 and < 25.2.4.1
An Authentication Bypass vulnerability existed where the application bundled an interpreter (Python) that inherits the Transparenc
6.5
MEDIUM
CVE-2025-2866
>= 24.8.0.1 and < 24.8.6.0
Improper Verification of Cryptographic Signature vulnerability in LibreOffice allows PDF Signature Spoofing by Improper Validation
5.5
MEDIUM
CVE-2021-25635
>= 7.0.0 and < 7.0.5.1
An Improper Certificate Validation vulnerability in LibreOffice allowed an attacker to self sign an ODF document, with a signatur
5.5
MEDIUM
CVE-2025-1080
>= 24.8.0.0 and < 24.8.5.1
LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. An additional sche
7.8
HIGH
CVE-2025-0514
>= 24.8.0.0 and < 24.8.5.1
Improper Input Validation vulnerability in The Document Foundation LibreOffice allows Windows Executable hyperlink targets to be
7.8
HIGH
CVE-2024-12426
>= 24.8.0.1 and < 24.8.4
Exposure of Environmental Variables and arbitrary INI file values to an Unauthorized Actor vulnerability in The Document Foundatio
6.5
MEDIUM
CVE-2024-12425
>= 24.8.0.1 and < 24.8.4
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in The Document Foundation LibreOffic
3.3
LOW
CVE-2024-7788
>= 24.2.0 and < 24.2.5
Improper Digital Signature Invalidation vulnerability in Zip Repair Mode of The Document Foundation LibreOffice allows Signature
7.8
HIGH
CVE-2024-6472
>= 24.2.0.0 and < 24.2.5.1
Certificate Validation user interface in LibreOffice allows potential vulnerability. Signed macros are scripts that have been
7.8
HIGH
CVE-2024-5261
< 24.2.4
Improper Certificate Validation vulnerability in LibreOffice "LibreOfficeKit" mode disables TLS certification verification LibreO
9.8
CRITICAL
CVE-2024-3044
< 7.6.7.1
Unchecked script execution in Graphic on-click binding in affected LibreOffice versions allows an attacker to create a document wh
6.5
MEDIUM
CVE-2023-6186
>= 7.5.0 and < 7.5.9
Insufficient macro permission validation of The Document Foundation LibreOffice allows an attacker to execute built-in macros with
8.3
HIGH
CVE-2023-6185
>= 7.5.0 and < 7.5.9
Improper Input Validation vulnerability in GStreamer integration of The Document Foundation LibreOffice allows an attacker to exec
8.3
HIGH
CVE-2023-1183
< 7.4.6
A flaw was found in the Libreoffice package. An attacker can craft an odb containing a "database/script" file with a SCRIPT comman
5.0
MEDIUM
CVE-2023-2255
>= 7.4.0 and < 7.4.7
Improper access control in editor components of The Document Foundation LibreOffice allowed an attacker to craft a document that w
5.3
MEDIUM
CVE-2023-0950
>= 7.4.0 and < 7.4.6
Improper Validation of Array Index vulnerability in the spreadsheet component of The Document Foundation LibreOffice allows an att
7.8
HIGH
CVE-2022-3140
>= 7.3.0 and < 7.3.6
LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. An additional sche
6.3
MEDIUM
CVE-2022-26307
>= 7.2.0 and < 7.2.7
LibreOffice supports the storage of passwords for web connections in the user’s configuration database. The stored passwords are
8.8
HIGH
CVE-2022-26306
>= 7.2.0 and < 7.2.7
LibreOffice supports the storage of passwords for web connections in the user’s configuration database. The stored passwords are
7.5
HIGH
CVE-2022-26305
>= 7.2.0 and < 7.2.7
An Improper Certificate Validation vulnerability in LibreOffice existed where determining if a macro was signed by a trusted autho
7.5
HIGH
CVE-2021-25636
>= 7.2.0 and < 7.2.5
LibreOffice supports digital signatures of ODF documents and macros within documents, presenting visual aids that no alteration of
7.5
HIGH
CVE-2021-25634
>= 7.0.0 and < 7.0.6
LibreOffice supports digital signatures of ODF documents and macros within documents, presenting visual aids that no alteration of
7.5
HIGH
CVE-2021-25633
>= 7.0.0 and < 7.0.6
LibreOffice supports digital signatures of ODF documents and macros within documents, presenting visual aids that no alteration of
7.5
HIGH
CVE-2021-25631
>= 7.0.0 and < 7.0.5
In the LibreOffice 7-1 series in versions prior to 7.1.2, and in the 7-0 series in versions prior to 7.0.5, the denylist can be ci
8.8
HIGH
CVE-2018-18688
all versions
The Portable Document Format (PDF) specification does not provide any information regarding the concrete procedure of how to valid
5.3
MEDIUM
CVE-2020-12803
< 6.4.4
ODF documents can contain forms to be filled out by the user. Similar to HTML forms, the contained form data can be submitted to a
6.5
MEDIUM
CVE-2020-12802
< 6.4.4
LibreOffice has a 'stealth mode' in which only documents from locations deemed 'trusted' are allowed to retrieve remote resources.
5.3
MEDIUM
CVE-2020-12801
>= 6.3.0 and < 6.3.6
If LibreOffice has an encrypted document open and crashes, that document is auto-saved encrypted. On restart, LibreOffice offers t
5.3
MEDIUM
CVE-2012-5639
all versions
LibreOffice and OpenOffice automatically open embedded content
6.5
MEDIUM
CVE-2019-9853
>= 6.2.0 and < 6.2.6
LibreOffice documents can contain macros. The execution of those macros is controlled by the document security settings, typically
7.8
HIGH
CVE-2019-9855
>= 6.2.0 and < 6.2.7
LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python
9.8
CRITICAL
CVE-2019-9854
>= 6.2.0 and < 6.2.7
LibreOffice has a feature where documents can specify that pre-installed macros can be executed on various script events such as m
7.8
HIGH
CVE-2019-9852
< 6.2.6
LibreOffice has a feature where documents can specify that pre-installed macros can be executed on various script events such as m
7.8
HIGH
CVE-2019-9851
< 6.2.6
LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python
9.8
CRITICAL
CVE-2019-9850
< 6.2.6
LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python
9.8
CRITICAL
CVE-2019-9849
< 6.2.5
LibreOffice has a 'stealth mode' in which only documents from locations deemed 'trusted' are allowed to retrieve remote resources.
4.3
MEDIUM
CVE-2019-9848
< 6.2.5
LibreOffice has a feature where documents can specify that pre-installed scripts can be executed on various document events such a
9.8
CRITICAL
CVE-2019-9847
< 6.1.6
A vulnerability in LibreOffice hyperlink processing allows an attacker to construct documents containing hyperlinks pointing to th
7.8
HIGH
CVE-2018-16858
< 6.0.7
It was found that libreoffice before versions 6.0.7 and 6.1.3 was vulnerable to a directory traversal attack which could be used t
7.8
HIGH
CVE-2018-14939
<= 6.0.5
The get_app_path function in desktop/unx/source/start.c in LibreOffice through 6.0.5 mishandles the realpath function in certain e
9.8
CRITICAL
CVE-2018-10583
all versions
An information disclosure vulnerability occurs when LibreOffice 6.0.3 and Apache OpenOffice Writer 4.1.5 automatically process and
7.5
HIGH
CVE-2018-10120
< 5.4.6.1
The SwCTBWrapper::Read function in sw/source/filter/ww8/ww8toolbar.cxx in LibreOffice before 5.4.6.1 and 6.x before 6.0.2.1 does n
7.8
HIGH
CVE-2018-10119
< 5.4.5.1
sot/source/sdstor/stgstrms.cxx in LibreOffice before 5.4.5.1 and 6.x before 6.0.1.1 uses an incorrect integer data type in the Stg
7.8
HIGH
CVE-2018-6871
< 5.4.5
LibreOffice before 5.4.5 and 6.x before 6.0.1 allows remote attackers to read arbitrary files via =WEBSERVICE calls in a document,
9.8
CRITICAL
CVE-2017-14226
<= 5.3.6
WP1StylesListener.cpp, WP5StylesListener.cpp, and WP42StylesListener.cpp in libwpd 0.10.1 mishandle iterators, which allows remote
7.5
HIGH
CVE-2017-8358
<= 5.2.6
LibreOffice before 2017-03-17 has an out-of-bounds write caused by a heap-based buffer overflow related to the ReadJPEG function i
9.8
CRITICAL
CVE-2017-7882
<= 5.2.6
LibreOffice before 2017-03-14 has an out-of-bounds write related to the HWPFile::TagsRead function in hwpfilter/source/hwpfile.cxx
9.8
CRITICAL
CVE-2017-7870
<= 5.3.0.0
LibreOffice before 2017-01-02 has an out-of-bounds write caused by a heap-based buffer overflow related to the tools::Polygon::Ins
9.8
CRITICAL
CVE-2017-7856
<= 5.2.6.1
LibreOffice before 2017-03-11 has an out-of-bounds write caused by a heap-based buffer overflow in the SVMConverter::ImplConvertFr
9.8
CRITICAL
CVE-2016-10327
<= 5.3.0.0
LibreOffice before 2016-12-22 has an out-of-bounds write caused by a heap-based buffer overflow related to the EnhWMFReader::ReadE
9.8
CRITICAL
CVE-2016-4324
<= 5.1.3
Use-after-free vulnerability in LibreOffice before 5.1.4 allows remote attackers to execute arbitrary code via a crafted RTF file,
7.8
HIGH
CVE-2016-0795
<= 5.0.4
LibreOffice before 5.0.5 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified oth
7.8
HIGH
CVE-2016-0794
<= 5.0.3
The lwp filter in LibreOffice before 5.0.4 allows remote attackers to cause a denial of service (memory corruption) or possibly ha
7.8
HIGH
CVE-2015-5214
<= 4.4.5
LibreOffice before 4.4.6 and 5.x before 5.0.1 and Apache OpenOffice before 4.1.2 allows remote attackers to cause a denial of serv
CVE-2015-5213
<= 4.4.4
Integer overflow in LibreOffice before 4.4.5 and Apache OpenOffice before 4.1.2 allows remote attackers to cause a denial of servi
CVE-2015-5212
<= 4.4.4
Integer underflow in LibreOffice before 4.4.5 and Apache OpenOffice before 4.1.2, when the configuration setting "Load printer set
CVE-2015-4551
<= 4.4.4
LibreOffice before 4.4.5 and Apache OpenOffice before 4.1.2 uses the stored LinkUpdateMode configuration information in OpenDocume
CVE-2015-1774
<= 4.3.6
The HWP filter in LibreOffice before 4.3.7 and 4.4.x before 4.4.2 and Apache OpenOffice before 4.1.2 allows remote attackers to ca
CVE-2014-9093
<= 4.3.4
LibreOffice before 4.3.5 allows remote attackers to cause a denial of service (invalid write operation and crash) and possibly exe
CVE-2014-3693
all versions
Use-after-free vulnerability in the socket manager of Impress Remote in LibreOffice 4.x before 4.2.7 and 4.3.x before 4.3.3 allows
CVE-2014-3575
< 4.2.6
The OLE preview generation in Apache OpenOffice before 4.1.1 and OpenOffice.org (OOo) might allow remote attackers to embed arbitr
CVE-2014-3524
< 4.2.6
Apache OpenOffice before 4.1.1 allows remote attackers to execute arbitrary commands and possibly have other unspecified impact vi
CVE-2014-0247
all versions
LibreOffice 4.2.4 executes unspecified VBA macros automatically, which has unspecified impact and attack vectors, possibly related
CVE-2012-4233
<= 3.6
LibreOffice 3.5.x before 3.5.7.2 and 3.6.x before 3.6.1, and OpenOffice.org (OOo), allows remote attackers to cause a denial of se
CVE-2012-2665
< 3.5.5
Multiple heap-based buffer overflows in the XML manifest encryption tag parsing functionality in OpenOffice.org and LibreOffice be
CVE-2012-1149
<= 3.5.2
Integer overflow in the vclmi.dll module in OpenOffice.org (OOo) 3.3, 3.4 Beta, and possibly earlier, and LibreOffice before 3.5.3
CVE-2012-2334
<= 3.5.2
Integer overflow in filter/source/msfilter/msdffimp.cxx in OpenOffice.org (OOo) 3.3, 3.4 Beta, and possibly earlier, and LibreOffi
CVE-2012-0037
< 3.4.6
Redland Raptor (aka libraptor) before 2.0.7, as used by OpenOffice 3.3 and 3.4 Beta, LibreOffice before 3.4.6 and 3.5.x before 3.5
6.5
MEDIUM
CVE-2011-2713
<= 3.4.2
oowriter in OpenOffice.org 3.3.0 and LibreOffice before 3.4.3 allows user-assisted remote attackers to cause a denial of service (
CVE-2011-2685
<= 3.3.2
Stack-based buffer overflow in the Lotus Word Pro import filter in LibreOffice before 3.3.3 allows remote attackers to execute arb
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin