CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-14939
https://notcve.org/view.php?id=CVE-2018-14939
05 Aug 2018 — The get_app_path function in desktop/unx/source/start.c in LibreOffice through 6.0.5 mishandles the realpath function in certain environments such as FreeBSD libc, which might allow attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact if LibreOffice is automatically launched during web browsing with pathnames controlled by a remote web site. La función get_app_path en desktop/unx/source/start.c en LibreOffice hasta la versión 6.0.5 gestiona... • http://www.securityfocus.com/bid/105047 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 4%CPEs: 10EXPL: 0CVE-2018-10120 – libreoffice: Out of bounds write in filter/ww8/ww8toolbar.cxx:SwCTBWrapper class allows for denial of service with crafted document
https://notcve.org/view.php?id=CVE-2018-10120
15 Apr 2018 — The SwCTBWrapper::Read function in sw/source/filter/ww8/ww8toolbar.cxx in LibreOffice before 5.4.6.1 and 6.x before 6.0.2.1 does not validate a customizations index, which allows remote attackers to cause a denial of service (heap-based buffer overflow with write access) or possibly have unspecified other impact via a crafted document that contains a certain Microsoft Word record. La función SwCTBWrapper::Read en sw/source/filter/ww8/ww8toolbar.cxx en LibreOffice, en versiones anteriores a la 5.4.6.1 y vers... • https://access.redhat.com/errata/RHSA-2018:3054 • CWE-129: Improper Validation of Array Index CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 4%CPEs: 10EXPL: 0CVE-2018-10119 – libreoffice: Use-after-free in sdstor/stgstrms.cxx:StgSmallStrm class allows for denial of service with crafted document
https://notcve.org/view.php?id=CVE-2018-10119
15 Apr 2018 — sot/source/sdstor/stgstrms.cxx in LibreOffice before 5.4.5.1 and 6.x before 6.0.1.1 uses an incorrect integer data type in the StgSmallStrm class, which allows remote attackers to cause a denial of service (use-after-free with write access) or possibly have unspecified other impact via a crafted document that uses the structured storage ole2 wrapper file format. sot/source/sdstor/stgstrms.cxx en LibreOffice, en versiones anteriores a la 5.4.5.1 y versiones 6.x anteriores a la 6.0.1.1, emplea un tipo de dato... • https://access.redhat.com/errata/RHSA-2018:3054 • CWE-416: Use After Free •
CVSS: 9.8EPSS: 12%CPEs: 22EXPL: 3CVE-2018-6871 – LibreOffice < 6.0.1 - '=WEBSERVICE' Remote Arbitrary File Disclosure
https://notcve.org/view.php?id=CVE-2018-6871
08 Feb 2018 — LibreOffice before 5.4.5 and 6.x before 6.0.1 allows remote attackers to read arbitrary files via =WEBSERVICE calls in a document, which use the COM.MICROSOFT.WEBSERVICE function. LibreOffice, en versiones anteriores a la 5.4.5 y versiones 6.x anteriores a la 6.0.1, permite que atacantes remotos lean archivos arbitrarios mediante llamadas =WEBSERVICE en un documento, que emplea la función COM.MICROSOFT.WEBSERVICE. A flaw was found in libreoffice before 5.4.5 and before 6.0.1. Arbitrary remote file disclosur... • https://packetstorm.news/files/id/146319 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 1%CPEs: 2EXPL: 0CVE-2017-14226
https://notcve.org/view.php?id=CVE-2017-14226
09 Sep 2017 — WP1StylesListener.cpp, WP5StylesListener.cpp, and WP42StylesListener.cpp in libwpd 0.10.1 mishandle iterators, which allows remote attackers to cause a denial of service (heap-based buffer over-read in the WPXTableList class in WPXTable.cpp). This vulnerability can be triggered in LibreOffice before 5.3.7. It may lead to suffering a remote attack against a LibreOffice application. WP1StylesListener.cpp, WP5StylesListener.cpp, y WP42StylesListener.cpp en libwpd 0.10.1 no gestiona iteradores correctamente, lo... • https://bugs.documentfoundation.org/show_bug.cgi?id=112269 • CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-8358
https://notcve.org/view.php?id=CVE-2017-8358
30 Apr 2017 — LibreOffice before 2017-03-17 has an out-of-bounds write caused by a heap-based buffer overflow related to the ReadJPEG function in vcl/source/filter/jpeg/jpegc.cxx. LibreOffice anterior al 17-03-2017 tiene una escritura fuera de rango causada por un desbordamiento de búfer basado en memoria dinámica, relacionado con la función ReadJPEG en vcl/source/filter/jpeg/jpegc.cxx. • http://www.securityfocus.com/bid/98395 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-7882
https://notcve.org/view.php?id=CVE-2017-7882
15 Apr 2017 — LibreOffice before 2017-03-14 has an out-of-bounds write related to the HWPFile::TagsRead function in hwpfilter/source/hwpfile.cxx. LibreOffice en versiones anteriores a 14-03-2017 tiene una escritura fuera de límites relacionada con la función HWPFile::TagsRead en hwpfilter/source/hwpfile.cxx. • http://www.libreoffice.org/about-us/security/advisories/cve-2017-7882 • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2017-7870 – libreoffice: Heap-buffer-overflow in tools::Polygon::Insert
https://notcve.org/view.php?id=CVE-2017-7870
14 Apr 2017 — LibreOffice before 2017-01-02 has an out-of-bounds write caused by a heap-based buffer overflow related to the tools::Polygon::Insert function in tools/source/generic/poly.cxx. LibreOffice en versiones anteriores a 02-01-2017 tiene una escritura fuera de límites provocado por un desbordamiento de búfer basado en memoria dinámica en relación con la función tools::Polygon::Insert en tools/source/generic/poly.cxx An out-of-bounds write flaw was found in the way Libreoffice rendered certain documents containing... • http://www.debian.org/security/2017/dsa-3837 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-7856
https://notcve.org/view.php?id=CVE-2017-7856
14 Apr 2017 — LibreOffice before 2017-03-11 has an out-of-bounds write caused by a heap-based buffer overflow in the SVMConverter::ImplConvertFromSVM1 function in vcl/source/gdi/svmconverter.cxx. LibreOffice en versiones anteriores a 11-03-2017 tiene una escritura fuera de límites provocado por un desbordamiento de búfer basado en memoria dinámica en la función SVMConverter::ImplConvertFromSVM1 en vcl/source/gdi/svmconverter.cxx • http://www.libreoffice.org/about-us/security/advisories/cve-2017-7856 • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2016-10327 – Gentoo Linux Security Advisory 201706-28
https://notcve.org/view.php?id=CVE-2016-10327
14 Apr 2017 — LibreOffice before 2016-12-22 has an out-of-bounds write caused by a heap-based buffer overflow related to the EnhWMFReader::ReadEnhWMF function in vcl/source/filter/wmf/enhwmf.cxx. LibreOffice en versiones anteriores a 22-12-2016 tiene una escritura fuera de límites provocada por un desbordamiento de búfer basado en memoria dinámica relacionado con la función EnhWMFReader::ReadEnhWMF en VCL/fuente/filtro/WMF/enhwmf.cxx. It was discovered that LibreOffice incorrectly handled EMF image files. If a user were ... • http://www.libreoffice.org/about-us/security/advisories/cve-2016-10327 • CWE-787: Out-of-bounds Write •