CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2019-9847 – Executable hyperlink targets executed unconditionally on activation
https://notcve.org/view.php?id=CVE-2019-9847
09 May 2019 — A vulnerability in LibreOffice hyperlink processing allows an attacker to construct documents containing hyperlinks pointing to the location of an executable on the target users file system. If the hyperlink is activated by the victim the executable target is unconditionally launched. Under Windows and macOS when processing a hyperlink target explicitly activated by the user there was no judgment made on whether the target was an executable file, so such executable targets were launched unconditionally. Thi... • https://www.libreoffice.org/about-us/security/advisories/cve-2019-9847 • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 92%CPEs: 2EXPL: 7CVE-2018-16858 – LibreOffice Macro Code Execution
https://notcve.org/view.php?id=CVE-2018-16858
04 Feb 2019 — It was found that libreoffice before versions 6.0.7 and 6.1.3 was vulnerable to a directory traversal attack which could be used to execute arbitrary macros bundled with a document. An attacker could craft a document, which when opened by LibreOffice, would execute a Python method from a script in any arbitrary file system location, specified relative to the LibreOffice install location. Se ha observado que libreoffice en versiones anteriores a la 6.0.7 y 6.1.3 era vulnerable a ataques de salto de directori... • https://packetstorm.news/files/id/152560 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-356: Product UI does not Warn User of Unsafe Actions •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-14939
https://notcve.org/view.php?id=CVE-2018-14939
05 Aug 2018 — The get_app_path function in desktop/unx/source/start.c in LibreOffice through 6.0.5 mishandles the realpath function in certain environments such as FreeBSD libc, which might allow attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact if LibreOffice is automatically launched during web browsing with pathnames controlled by a remote web site. La función get_app_path en desktop/unx/source/start.c en LibreOffice hasta la versión 6.0.5 gestiona... • http://www.securityfocus.com/bid/105047 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 71%CPEs: 10EXPL: 6CVE-2018-10583 – LibreOffice 6.03 /Apache OpenOffice 4.1.5 Malicious ODT File Generator
https://notcve.org/view.php?id=CVE-2018-10583
01 May 2018 — An information disclosure vulnerability occurs when LibreOffice 6.0.3 and Apache OpenOffice Writer 4.1.5 automatically process and initiate an SMB connection embedded in a malicious file, as demonstrated by xlink:href=file://192.168.0.2/test.jpg within an office:document-content element in a .odt XML document. Ocurre una vulnerabilidad de divulgación de información cuando LibreOffice 6.0.3 y Apache OpenOffice Writer 4.1.5 procesan automáticamente e inician una conexión SMB embebida en un archivo malicioso, ... • https://packetstorm.news/files/id/180738 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 0CVE-2018-10119 – libreoffice: Use-after-free in sdstor/stgstrms.cxx:StgSmallStrm class allows for denial of service with crafted document
https://notcve.org/view.php?id=CVE-2018-10119
15 Apr 2018 — sot/source/sdstor/stgstrms.cxx in LibreOffice before 5.4.5.1 and 6.x before 6.0.1.1 uses an incorrect integer data type in the StgSmallStrm class, which allows remote attackers to cause a denial of service (use-after-free with write access) or possibly have unspecified other impact via a crafted document that uses the structured storage ole2 wrapper file format. sot/source/sdstor/stgstrms.cxx en LibreOffice, en versiones anteriores a la 5.4.5.1 y versiones 6.x anteriores a la 6.0.1.1, emplea un tipo de dato... • https://access.redhat.com/errata/RHSA-2018:3054 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 0CVE-2018-10120 – libreoffice: Out of bounds write in filter/ww8/ww8toolbar.cxx:SwCTBWrapper class allows for denial of service with crafted document
https://notcve.org/view.php?id=CVE-2018-10120
15 Apr 2018 — The SwCTBWrapper::Read function in sw/source/filter/ww8/ww8toolbar.cxx in LibreOffice before 5.4.6.1 and 6.x before 6.0.2.1 does not validate a customizations index, which allows remote attackers to cause a denial of service (heap-based buffer overflow with write access) or possibly have unspecified other impact via a crafted document that contains a certain Microsoft Word record. La función SwCTBWrapper::Read en sw/source/filter/ww8/ww8toolbar.cxx en LibreOffice, en versiones anteriores a la 5.4.6.1 y vers... • https://access.redhat.com/errata/RHSA-2018:3054 • CWE-129: Improper Validation of Array Index CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 30%CPEs: 22EXPL: 3CVE-2018-6871 – LibreOffice < 6.0.1 - '=WEBSERVICE' Remote Arbitrary File Disclosure
https://notcve.org/view.php?id=CVE-2018-6871
08 Feb 2018 — LibreOffice before 5.4.5 and 6.x before 6.0.1 allows remote attackers to read arbitrary files via =WEBSERVICE calls in a document, which use the COM.MICROSOFT.WEBSERVICE function. LibreOffice, en versiones anteriores a la 5.4.5 y versiones 6.x anteriores a la 6.0.1, permite que atacantes remotos lean archivos arbitrarios mediante llamadas =WEBSERVICE en un documento, que emplea la función COM.MICROSOFT.WEBSERVICE. A flaw was found in libreoffice before 5.4.5 and before 6.0.1. Arbitrary remote file disclosur... • https://packetstorm.news/files/id/146319 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 1%CPEs: 2EXPL: 0CVE-2017-14226
https://notcve.org/view.php?id=CVE-2017-14226
09 Sep 2017 — WP1StylesListener.cpp, WP5StylesListener.cpp, and WP42StylesListener.cpp in libwpd 0.10.1 mishandle iterators, which allows remote attackers to cause a denial of service (heap-based buffer over-read in the WPXTableList class in WPXTable.cpp). This vulnerability can be triggered in LibreOffice before 5.3.7. It may lead to suffering a remote attack against a LibreOffice application. WP1StylesListener.cpp, WP5StylesListener.cpp, y WP42StylesListener.cpp en libwpd 0.10.1 no gestiona iteradores correctamente, lo... • https://bugs.documentfoundation.org/show_bug.cgi?id=112269 • CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-8358
https://notcve.org/view.php?id=CVE-2017-8358
30 Apr 2017 — LibreOffice before 2017-03-17 has an out-of-bounds write caused by a heap-based buffer overflow related to the ReadJPEG function in vcl/source/filter/jpeg/jpegc.cxx. LibreOffice anterior al 17-03-2017 tiene una escritura fuera de rango causada por un desbordamiento de búfer basado en memoria dinámica, relacionado con la función ReadJPEG en vcl/source/filter/jpeg/jpegc.cxx. • http://www.securityfocus.com/bid/98395 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2017-7882
https://notcve.org/view.php?id=CVE-2017-7882
15 Apr 2017 — LibreOffice before 2017-03-14 has an out-of-bounds write related to the HWPFile::TagsRead function in hwpfilter/source/hwpfile.cxx. LibreOffice en versiones anteriores a 14-03-2017 tiene una escritura fuera de límites relacionada con la función HWPFile::TagsRead en hwpfilter/source/hwpfile.cxx. • http://www.libreoffice.org/about-us/security/advisories/cve-2017-7882 • CWE-787: Out-of-bounds Write •