Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
36 vulnerabilities by The Document Foundation
CVE-2026-8358 (GCVE-0-2026-8358)
Vulnerability from cvelistv5 – Published: 2026-06-15 16:24 – Updated: 2026-06-16 19:27
VLAI
Title
Heap buffer overflow in spreadsheet tracked-changes import
Summary
LibreOffice Calc can import tracked changes from a spreadsheet document. A heap buffer overflow existed when a document reused the same change identifier for two different kinds of change. The importer then treated one change object as a different, larger type and wrote past the end of its allocation. In fixed versions records with a duplicate identifier are rejected.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| The Document Foundation | LibreOffice |
Affected:
25.8 , < < 25.8.7
(26.2 series)
Affected: 26.2 , < < 26.2.4 (26.2 series) |
Date Public
2026-06-15 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-8358",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-15T18:01:43.169114Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-15T18:01:48.332Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "LibreOffice",
"vendor": "The Document Foundation",
"versions": [
{
"lessThan": "\u003c 25.8.7",
"status": "affected",
"version": "25.8",
"versionType": "26.2 series"
},
{
"lessThan": "\u003c 26.2.4",
"status": "affected",
"version": "26.2",
"versionType": "26.2 series"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Anthropic (automated discovery using Claude)"
},
{
"lang": "en",
"type": "analyst",
"value": "Arthur Chan of Ada Logics (validation and reporting)"
}
],
"datePublic": "2026-06-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eLibreOffice Calc can import tracked changes from a spreadsheet document. A heap buffer overflow existed when a document reused the same change identifier for two different kinds of change. The importer then treated one change object as a different, larger type and wrote past the end of its allocation. In fixed versions records with a duplicate identifier are rejected.\u003c/p\u003e"
}
],
"value": "LibreOffice Calc can import tracked changes from a spreadsheet document. A heap buffer overflow existed when a document reused the same change identifier for two different kinds of change. The importer then treated one change object as a different, larger type and wrote past the end of its allocation. In fixed versions records with a duplicate identifier are rejected."
}
],
"impacts": [
{
"capecId": "CAPEC-44",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-44 Overflow Binary Resource File"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"exploitMaturity": "PROOF_OF_CONCEPT",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-843",
"description": "CWE-843 Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-16T19:27:16.142Z",
"orgId": "4fe7d05b-1353-44cc-8b7a-1e416936dff2",
"shortName": "Document Fdn."
},
"references": [
{
"url": "https://www.libreoffice.org/about-us/security/advisories/cve-2026-8358"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Heap buffer overflow in spreadsheet tracked-changes import",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "4fe7d05b-1353-44cc-8b7a-1e416936dff2",
"assignerShortName": "Document Fdn.",
"cveId": "CVE-2026-8358",
"datePublished": "2026-06-15T16:24:03.796Z",
"dateReserved": "2026-05-11T19:01:49.347Z",
"dateUpdated": "2026-06-16T19:27:16.142Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-8357 (GCVE-0-2026-8357)
Vulnerability from cvelistv5 – Published: 2026-06-15 16:23 – Updated: 2026-06-15 18:03
VLAI
Title
Heap buffer overflow in Calc formula compilation
Summary
LibreOffice Calc compiles cell formulas when opening a spreadsheet. A heap buffer overflow existed when compiling a very long formula made up of many opening tokens. The array that tracks nesting depth was allocated one element too small for that worst case, so such a formula wrote one element past its end. In fixed versions the array is sized to hold the largest possible nesting.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| The Document Foundation | LibreOffice |
Affected:
26.2 , < < 26.2.4
(26.2 series)
|
Date Public
2026-06-15 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-8357",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-15T18:03:49.986573Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-15T18:03:57.153Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "LibreOffice",
"vendor": "The Document Foundation",
"versions": [
{
"lessThan": "\u003c 26.2.4",
"status": "affected",
"version": "26.2",
"versionType": "26.2 series"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Anthropic (automated discovery using Claude)"
},
{
"lang": "en",
"type": "analyst",
"value": "Arthur Chan of Ada Logics (validation and reporting)"
}
],
"datePublic": "2026-06-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eLibreOffice Calc compiles cell formulas when opening a spreadsheet. A heap buffer overflow existed when compiling a very long formula made up of many opening tokens. The array that tracks nesting depth was allocated one element too small for that worst case, so such a formula wrote one element past its end. In fixed versions the array is sized to hold the largest possible nesting.\u003c/p\u003e"
}
],
"value": "LibreOffice Calc compiles cell formulas when opening a spreadsheet. A heap buffer overflow existed when compiling a very long formula made up of many opening tokens. The array that tracks nesting depth was allocated one element too small for that worst case, so such a formula wrote one element past its end. In fixed versions the array is sized to hold the largest possible nesting."
}
],
"impacts": [
{
"capecId": "CAPEC-44",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-44 Overflow Binary Resource File"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"exploitMaturity": "PROOF_OF_CONCEPT",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-193",
"description": "CWE-193 Off-by-one Error",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-15T16:23:37.518Z",
"orgId": "4fe7d05b-1353-44cc-8b7a-1e416936dff2",
"shortName": "Document Fdn."
},
"references": [
{
"url": "https://www.libreoffice.org/about-us/security/advisories/cve-2026-8357"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Heap buffer overflow in Calc formula compilation",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "4fe7d05b-1353-44cc-8b7a-1e416936dff2",
"assignerShortName": "Document Fdn.",
"cveId": "CVE-2026-8357",
"datePublished": "2026-06-15T16:23:37.518Z",
"dateReserved": "2026-05-11T18:55:27.138Z",
"dateUpdated": "2026-06-15T18:03:57.153Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-8356 (GCVE-0-2026-8356)
Vulnerability from cvelistv5 – Published: 2026-06-15 16:23 – Updated: 2026-06-15 18:05
VLAI
Title
Stack buffer overflow in PPT presentation import
Summary
LibreOffice can import presentations in the legacy binary PPT format. A stack buffer overflow existed when importing a colour-replacement record. Two fixed-size colour tables were filled from the file, but the write position was not reset between the two passes over the record, so a file whose combined colour counts exceeded the table size wrote past the end of the tables on the stack. In fixed versions the unused second pass is no longer read into those tables.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| The Document Foundation | LibreOffice |
Affected:
26.2 , < < 26.2.4
(26.2 series)
|
Date Public
2026-06-15 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-8356",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-15T18:04:56.736672Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-15T18:05:22.786Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "LibreOffice",
"vendor": "The Document Foundation",
"versions": [
{
"lessThan": "\u003c 26.2.4",
"status": "affected",
"version": "26.2",
"versionType": "26.2 series"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Anthropic (automated discovery using Claude)"
},
{
"lang": "en",
"type": "analyst",
"value": "Arthur Chan of Ada Logics (validation and reporting)"
}
],
"datePublic": "2026-06-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eLibreOffice can import presentations in the legacy binary PPT format. A stack buffer overflow existed when importing a colour-replacement record. Two fixed-size colour tables were filled from the file, but the write position was not reset between the two passes over the record, so a file whose combined colour counts exceeded the table size wrote past the end of the tables on the stack. In fixed versions the unused second pass is no longer read into those tables.\u003c/p\u003e"
}
],
"value": "LibreOffice can import presentations in the legacy binary PPT format. A stack buffer overflow existed when importing a colour-replacement record. Two fixed-size colour tables were filled from the file, but the write position was not reset between the two passes over the record, so a file whose combined colour counts exceeded the table size wrote past the end of the tables on the stack. In fixed versions the unused second pass is no longer read into those tables."
}
],
"impacts": [
{
"capecId": "CAPEC-44",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-44 Overflow Binary Resource File"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"exploitMaturity": "PROOF_OF_CONCEPT",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-15T16:23:06.477Z",
"orgId": "4fe7d05b-1353-44cc-8b7a-1e416936dff2",
"shortName": "Document Fdn."
},
"references": [
{
"url": "https://www.libreoffice.org/about-us/security/advisories/cve-2026-8356"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Stack buffer overflow in PPT presentation import",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "4fe7d05b-1353-44cc-8b7a-1e416936dff2",
"assignerShortName": "Document Fdn.",
"cveId": "CVE-2026-8356",
"datePublished": "2026-06-15T16:23:06.477Z",
"dateReserved": "2026-05-11T18:42:20.783Z",
"dateUpdated": "2026-06-15T18:05:22.786Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-6047 (GCVE-0-2026-6047)
Vulnerability from cvelistv5 – Published: 2026-06-15 16:22 – Updated: 2026-06-15 18:11
VLAI
Title
Heap buffer overflow in OOXML text box element import
Summary
LibreOffice can import documents in the OOXML format (DOCX). A heap buffer overflow existed when replaying deferred parser events for a text box element. A handler object was assumed to be of one type and written to at that type's field layout, but it could be a smaller object, so the write landed past the end of the allocation. In fixed versions the type is checked before the write.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| The Document Foundation | LibreOffice |
Affected:
25.8 , < < 25.8.7
(25.8 series)
Affected: 26.2 , < < 26.2.3 (26.2 series) |
Date Public
2026-06-15 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-6047",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-15T18:11:34.358602Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-15T18:11:48.806Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "LibreOffice",
"vendor": "The Document Foundation",
"versions": [
{
"lessThan": "\u003c 25.8.7",
"status": "affected",
"version": "25.8",
"versionType": "25.8 series"
},
{
"lessThan": "\u003c 26.2.3",
"status": "affected",
"version": "26.2",
"versionType": "26.2 series"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Anthropic (automated discovery using Claude)"
},
{
"lang": "en",
"type": "analyst",
"value": "Trail of Bits (triage and validation)"
}
],
"datePublic": "2026-06-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eLibreOffice can import documents in the OOXML format (DOCX). A heap buffer overflow existed when replaying deferred parser events for a text box element. A handler object was assumed to be of one type and written to at that type\u0027s field layout, but it could be a smaller object, so the write landed past the end of the allocation. In fixed versions the type is checked before the write.\u003c/p\u003e"
}
],
"value": "LibreOffice can import documents in the OOXML format (DOCX). A heap buffer overflow existed when replaying deferred parser events for a text box element. A handler object was assumed to be of one type and written to at that type\u0027s field layout, but it could be a smaller object, so the write landed past the end of the allocation. In fixed versions the type is checked before the write."
}
],
"impacts": [
{
"capecId": "CAPEC-44",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-44 Overflow Binary Resource File"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"exploitMaturity": "PROOF_OF_CONCEPT",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-843",
"description": "CWE-843 Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-15T16:22:37.208Z",
"orgId": "4fe7d05b-1353-44cc-8b7a-1e416936dff2",
"shortName": "Document Fdn."
},
"references": [
{
"url": "https://www.libreoffice.org/about-us/security/advisories/cve-2026-6047"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Heap buffer overflow in OOXML text box element import",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "4fe7d05b-1353-44cc-8b7a-1e416936dff2",
"assignerShortName": "Document Fdn.",
"cveId": "CVE-2026-6047",
"datePublished": "2026-06-15T16:22:37.208Z",
"dateReserved": "2026-04-09T19:21:23.491Z",
"dateUpdated": "2026-06-15T18:11:48.806Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-6045 (GCVE-0-2026-6045)
Vulnerability from cvelistv5 – Published: 2026-06-15 16:22 – Updated: 2026-06-15 18:13
VLAI
Title
Heap buffer overflow in EMF+ gradient brush import
Summary
LibreOffice can import EMF+ graphics, which may be embedded in documents. A heap buffer overflow existed when importing an EMF+ gradient brush. The number of gradient blend points was read from the file and used to compute an allocation size, but that multiplication could overflow, so a small buffer was allocated and then filled as if it were large, writing past its end. In fixed versions the blend-point count is checked against the data actually available before allocating.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| The Document Foundation | LibreOffice |
Affected:
25.8 , < < 25.8.7
(25.8 series)
Affected: 26.2 , < < 26.2.3 (26.2 series) |
Date Public
2026-06-15 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-6045",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-15T18:12:50.303654Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-15T18:13:24.274Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "LibreOffice",
"vendor": "The Document Foundation",
"versions": [
{
"lessThan": "\u003c 25.8.7",
"status": "affected",
"version": "25.8",
"versionType": "25.8 series"
},
{
"lessThan": "\u003c 26.2.3",
"status": "affected",
"version": "26.2",
"versionType": "26.2 series"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Anthropic (automated discovery using Claude)"
},
{
"lang": "en",
"type": "analyst",
"value": "Trail of Bits (triage and validation)"
}
],
"datePublic": "2026-06-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eLibreOffice can import EMF+ graphics, which may be embedded in documents. A heap buffer overflow existed when importing an EMF+ gradient brush. The number of gradient blend points was read from the file and used to compute an allocation size, but that multiplication could overflow, so a small buffer was allocated and then filled as if it were large, writing past its end. In fixed versions the blend-point count is checked against the data actually available before allocating.\u003c/p\u003e"
}
],
"value": "LibreOffice can import EMF+ graphics, which may be embedded in documents. A heap buffer overflow existed when importing an EMF+ gradient brush. The number of gradient blend points was read from the file and used to compute an allocation size, but that multiplication could overflow, so a small buffer was allocated and then filled as if it were large, writing past its end. In fixed versions the blend-point count is checked against the data actually available before allocating."
}
],
"impacts": [
{
"capecId": "CAPEC-44",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-44 Overflow Binary Resource File"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"exploitMaturity": "PROOF_OF_CONCEPT",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190 Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-15T16:22:16.574Z",
"orgId": "4fe7d05b-1353-44cc-8b7a-1e416936dff2",
"shortName": "Document Fdn."
},
"references": [
{
"url": "https://www.libreoffice.org/about-us/security/advisories/cve-2026-6045"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Heap buffer overflow in EMF+ gradient brush import",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "4fe7d05b-1353-44cc-8b7a-1e416936dff2",
"assignerShortName": "Document Fdn.",
"cveId": "CVE-2026-6045",
"datePublished": "2026-06-15T16:22:16.574Z",
"dateReserved": "2026-04-09T19:07:34.963Z",
"dateUpdated": "2026-06-15T18:13:24.274Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-6040 (GCVE-0-2026-6040)
Vulnerability from cvelistv5 – Published: 2026-06-15 16:21 – Updated: 2026-06-15 18:14
VLAI
Title
Heap use-after-free in ODF number-format blank-width parsing
Summary
A heap use-after-free existed when importing the blank-width characters of an ODF number format. A position value read from the document was not checked against the length of the format-code string, so a malformed number format could be processed against memory outside that string. In fixed versions the position is bounds-checked before use.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| The Document Foundation | LibreOffice |
Affected:
25.8 , < < 25.8.7
(25.8 series)
Affected: 26.2 , < < 26.2.3 (26.2 series) |
Date Public
2026-06-15 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-6040",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-15T18:14:24.996356Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-15T18:14:30.848Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "LibreOffice",
"vendor": "The Document Foundation",
"versions": [
{
"lessThan": "\u003c 25.8.7",
"status": "affected",
"version": "25.8",
"versionType": "25.8 series"
},
{
"lessThan": "\u003c 26.2.3",
"status": "affected",
"version": "26.2",
"versionType": "26.2 series"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Anthropic (automated discovery using Claude)"
},
{
"lang": "en",
"type": "analyst",
"value": "Trail of Bits (triage and validation)"
}
],
"datePublic": "2026-06-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA heap use-after-free existed when importing the blank-width characters of an ODF number format. A position value read from the document was not checked against the length of the format-code string, so a malformed number format could be processed against memory outside that string. In fixed versions the position is bounds-checked before use.\u003c/p\u003e"
}
],
"value": "A heap use-after-free existed when importing the blank-width characters of an ODF number format. A position value read from the document was not checked against the length of the format-code string, so a malformed number format could be processed against memory outside that string. In fixed versions the position is bounds-checked before use."
}
],
"impacts": [
{
"capecId": "CAPEC-44",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-44 Overflow Binary Resource File"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"exploitMaturity": "PROOF_OF_CONCEPT",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-15T16:21:53.903Z",
"orgId": "4fe7d05b-1353-44cc-8b7a-1e416936dff2",
"shortName": "Document Fdn."
},
"references": [
{
"url": "https://www.libreoffice.org/about-us/security/advisories/cve-2026-6040"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Heap use-after-free in ODF number-format blank-width parsing",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "4fe7d05b-1353-44cc-8b7a-1e416936dff2",
"assignerShortName": "Document Fdn.",
"cveId": "CVE-2026-6040",
"datePublished": "2026-06-15T16:21:53.903Z",
"dateReserved": "2026-04-09T16:42:11.799Z",
"dateUpdated": "2026-06-15T18:14:30.848Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-6039 (GCVE-0-2026-6039)
Vulnerability from cvelistv5 – Published: 2026-06-15 16:21 – Updated: 2026-06-15 18:17
VLAI
Title
Heap buffer overflow in DXF polyline import
Summary
LibreOffice can import drawings in the DXF format used by CAD software. A heap buffer overflow existed when importing a DXF polyline. The point count taken from the file was truncated to a 16-bit value when the point buffer was sized, while the full count was used to fill it, so a polyline whose point count exceeded the 16-bit range was written past the end of the buffer. In fixed versions such oversized polylines are rejected.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| The Document Foundation | LibreOffice |
Affected:
25.8 , < < 25.8.7
(25.8 series)
Affected: 26.2 , < < 26.2.3 (26.2 series) |
Date Public
2026-06-15 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-6039",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-15T18:16:06.325169Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-15T18:17:13.933Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "LibreOffice",
"vendor": "The Document Foundation",
"versions": [
{
"lessThan": "\u003c 25.8.7",
"status": "affected",
"version": "25.8",
"versionType": "25.8 series"
},
{
"lessThan": "\u003c 26.2.3",
"status": "affected",
"version": "26.2",
"versionType": "26.2 series"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Anthropic (automated discovery using Claude)"
},
{
"lang": "en",
"type": "analyst",
"value": "Trail of Bits (triage and validation)"
}
],
"datePublic": "2026-06-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eLibreOffice can import drawings in the DXF format used by CAD software. A heap buffer overflow existed when importing a DXF polyline. The point count taken from the file was truncated to a 16-bit value when the point buffer was sized, while the full count was used to fill it, so a polyline whose point count exceeded the 16-bit range was written past the end of the buffer. In fixed versions such oversized polylines are rejected.\u003c/p\u003e"
}
],
"value": "LibreOffice can import drawings in the DXF format used by CAD software. A heap buffer overflow existed when importing a DXF polyline. The point count taken from the file was truncated to a 16-bit value when the point buffer was sized, while the full count was used to fill it, so a polyline whose point count exceeded the 16-bit range was written past the end of the buffer. In fixed versions such oversized polylines are rejected."
}
],
"impacts": [
{
"capecId": "CAPEC-44",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-44 Overflow Binary Resource File"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"exploitMaturity": "PROOF_OF_CONCEPT",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-197",
"description": "CWE-197 Numeric Truncation Error",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-15T16:21:16.514Z",
"orgId": "4fe7d05b-1353-44cc-8b7a-1e416936dff2",
"shortName": "Document Fdn."
},
"references": [
{
"url": "https://www.libreoffice.org/about-us/security/advisories/cve-2026-6039"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Heap buffer overflow in DXF polyline import",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "4fe7d05b-1353-44cc-8b7a-1e416936dff2",
"assignerShortName": "Document Fdn.",
"cveId": "CVE-2026-6039",
"datePublished": "2026-06-15T16:21:16.514Z",
"dateReserved": "2026-04-09T16:29:22.953Z",
"dateUpdated": "2026-06-15T18:17:13.933Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-4430 (GCVE-0-2026-4430)
Vulnerability from cvelistv5 – Published: 2026-05-07 07:16 – Updated: 2026-05-07 13:03
VLAI
Title
Heap Buffer Overflow in AgileEngine
Summary
Out-of-bounds write vulnerability in The Document Foundation LibreOffice via crafted OOXML documents with mismatched encryption salt parameters.
This issue affects LibreOffice: from 26.2 before 26.2.3, from 25.8 before 25.8.7.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-787 - Out-of-bounds write
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| The Document Foundation | LibreOffice |
Affected:
26.2 , < 26.2.3
(26 series)
Affected: 25.8 , < 25.8.7 (25 series) |
Date Public
2026-05-06 15:42
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-4430",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-07T13:02:56.156578Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-07T13:03:05.876Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "LibreOffice",
"vendor": "The Document Foundation",
"versions": [
{
"lessThan": "26.2.3",
"status": "affected",
"version": "26.2",
"versionType": "26 series"
},
{
"lessThan": "25.8.7",
"status": "affected",
"version": "25.8",
"versionType": "25 series"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Duc Anh Nguyen (@Danzation)"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Caol\u00e1n McNamara \u003ccaolan.mcnamara@collabora.com\u003e"
}
],
"datePublic": "2026-05-06T15:42:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003eOut-of-bounds write vulnerability in The Document Foundation LibreOffice via crafted OOXML documents with mismatched encryption salt parameters.\u003c/div\u003e\u003cdiv\u003eThis issue affects\u0026nbsp;LibreOffice: from 26.2 before 26.2.3, from 25.8 before 25.8.7.\u003c/div\u003e"
}
],
"value": "Out-of-bounds write vulnerability in The Document Foundation LibreOffice via crafted OOXML documents with mismatched encryption salt parameters.\n\nThis issue affects\u00a0LibreOffice: from 26.2 before 26.2.3, from 25.8 before 25.8.7."
}
],
"impacts": [
{
"capecId": "CAPEC-44",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-44 Overflow Binary Resource File"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"exploitMaturity": "PROOF_OF_CONCEPT",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-07T07:16:18.851Z",
"orgId": "4fe7d05b-1353-44cc-8b7a-1e416936dff2",
"shortName": "Document Fdn."
},
"references": [
{
"url": "https://www.libreoffice.org/about-us/security/advisories/cve-2026-4430"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Heap Buffer Overflow in AgileEngine",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "4fe7d05b-1353-44cc-8b7a-1e416936dff2",
"assignerShortName": "Document Fdn.",
"cveId": "CVE-2026-4430",
"datePublished": "2026-05-07T07:16:18.851Z",
"dateReserved": "2026-03-19T14:58:41.694Z",
"dateUpdated": "2026-05-07T13:03:05.876Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-14714 (GCVE-0-2025-14714)
Vulnerability from cvelistv5 – Published: 2025-12-15 10:30 – Updated: 2025-12-15 13:13
VLAI
Title
TCC Bypass via Inherited Permissions in Bundled Interpreter
Summary
An Authentication Bypass vulnerability existed where the application bundled an interpreter (Python) that inherits the Transparency, Consent, and Control (TCC) permissions granted by the user to the main application bundle
By executing the bundled interpreter directly the attacker's scripts run with the application's TCC privileges
In fixed versions parent-constraints are used to allow only the main application to launch interpreter with those permissions
This issue affects LibreOffice on macOS: from 25.2 before < 25.2.4.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-288 - Authentication Bypass Using an Alternate Path or Channel
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| The Document Foundation | LibreOffice |
Affected:
25.2 , < < 25.2.4
(25.2 series)
|
Date Public
2025-12-15 10:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-14714",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-15T13:13:04.911133Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-15T13:13:17.791Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"platforms": [
"MacOS"
],
"product": "LibreOffice",
"vendor": "The Document Foundation",
"versions": [
{
"lessThan": "\u003c 25.2.4",
"status": "affected",
"version": "25.2",
"versionType": "25.2 series"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Karol Mazurek of AFINE"
}
],
"datePublic": "2025-12-15T10:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003eAn Authentication Bypass vulnerability existed where the application bundled an interpreter (Python) that inherits the Transparency, Consent, and Control (TCC) permissions\u0026nbsp;granted by the user to the main application bundle\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003eBy executing the bundled interpreter directly the attacker\u0027s scripts run with the application\u0027s TCC\u0026nbsp;privileges\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003eIn fixed versions parent-constraints are used to allow only the main application to launch interpreter with those permissions\u003c/div\u003e\u003cp\u003eThis issue affects LibreOffice on macOS: from 25.2 before \u0026lt; 25.2.4.\u003c/p\u003e"
}
],
"value": "An Authentication Bypass vulnerability existed where the application bundled an interpreter (Python) that inherits the Transparency, Consent, and Control (TCC) permissions\u00a0granted by the user to the main application bundle\n\n\n\n\nBy executing the bundled interpreter directly the attacker\u0027s scripts run with the application\u0027s TCC\u00a0privileges\n\n\n\n\nIn fixed versions parent-constraints are used to allow only the main application to launch interpreter with those permissions\n\nThis issue affects LibreOffice on macOS: from 25.2 before \u003c 25.2.4."
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 0.9,
"baseSeverity": "LOW",
"exploitMaturity": "UNREPORTED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:U",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-15T10:30:55.796Z",
"orgId": "4fe7d05b-1353-44cc-8b7a-1e416936dff2",
"shortName": "Document Fdn."
},
"references": [
{
"url": "https://www.libreoffice.org/about-us/security/advisories/cve-2025-14714"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "TCC Bypass via Inherited Permissions in Bundled Interpreter",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "4fe7d05b-1353-44cc-8b7a-1e416936dff2",
"assignerShortName": "Document Fdn.",
"cveId": "CVE-2025-14714",
"datePublished": "2025-12-15T10:30:55.796Z",
"dateReserved": "2025-12-15T09:52:45.310Z",
"dateUpdated": "2025-12-15T13:13:17.791Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-2866 (GCVE-0-2025-2866)
Vulnerability from cvelistv5 – Published: 2025-04-27 19:04 – Updated: 2025-11-03 19:46
VLAI
Title
PDF signature forgery with adbe.pkcs7.sha1 SubFilter
Summary
Improper Verification of Cryptographic Signature vulnerability in LibreOffice allows PDF Signature Spoofing by Improper Validation.
In the affected versions of LibreOffice a flaw in the verification code for adbe.pkcs7.sha1 signatures could cause invalid signatures to be accepted as valid
This issue affects LibreOffice: from 24.8 before < 24.8.6, from 25.2 before < 25.2.2.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-347 - Improper Verification of Cryptographic Signature
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| The Document Foundation | LibreOffice |
Affected:
24.8 , < < 24.8.6
(24.8 series)
Affected: 25.2 , < < 25.2.2 (25.2 series) |
Date Public
2025-04-27 19:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-2866",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-28T13:41:33.064404Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-28T13:41:41.123Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T19:46:42.576Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/06/msg00002.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "LibreOffice",
"vendor": "The Document Foundation",
"versions": [
{
"lessThan": "\u003c 24.8.6",
"status": "affected",
"version": "24.8",
"versionType": "24.8 series"
},
{
"lessThan": "\u003c 25.2.2",
"status": "affected",
"version": "25.2",
"versionType": "25.2 series"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Thanks to Juraj \u0160arinay for discovering this issue and for providing a fix"
}
],
"datePublic": "2025-04-27T19:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003eImproper Verification of Cryptographic Signature vulnerability in LibreOffice allows PDF Signature Spoofing by Improper Validation.\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003eIn the affected versions of LibreOffice a flaw in the verification code for adbe.pkcs7.sha1 signatures could cause invalid signatures to be accepted as valid\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003eThis issue affects LibreOffice: from 24.8 before \u0026lt; 24.8.6, from 25.2 before \u0026lt; 25.2.2.\u003c/div\u003e"
}
],
"value": "Improper Verification of Cryptographic Signature vulnerability in LibreOffice allows PDF Signature Spoofing by Improper Validation.\n\n\n\n\nIn the affected versions of LibreOffice a flaw in the verification code for adbe.pkcs7.sha1 signatures could cause invalid signatures to be accepted as valid\n\n\n\n\nThis issue affects LibreOffice: from 24.8 before \u003c 24.8.6, from 25.2 before \u003c 25.2.2."
}
],
"impacts": [
{
"capecId": "CAPEC-475",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-475 Signature Spoofing by Improper Validation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 2.4,
"baseSeverity": "LOW",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-347",
"description": "CWE-347 Improper Verification of Cryptographic Signature",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-27T19:04:52.226Z",
"orgId": "4fe7d05b-1353-44cc-8b7a-1e416936dff2",
"shortName": "Document Fdn."
},
"references": [
{
"url": "https://www.libreoffice.org/about-us/security/advisories/cve-2025-2866"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "PDF signature forgery with adbe.pkcs7.sha1 SubFilter",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "4fe7d05b-1353-44cc-8b7a-1e416936dff2",
"assignerShortName": "Document Fdn.",
"cveId": "CVE-2025-2866",
"datePublished": "2025-04-27T19:04:52.226Z",
"dateReserved": "2025-03-27T11:22:16.241Z",
"dateUpdated": "2025-11-03T19:46:42.576Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2021-25635 (GCVE-0-2021-25635)
Vulnerability from cvelistv5 – Published: 2025-03-21 14:52 – Updated: 2025-03-21 15:13
VLAI
Title
Content Manipulation with Certificate Validation Attack
Summary
An Improper Certificate Validation vulnerability in LibreOffice allowed
an attacker to self sign an ODF document, with a signature untrusted by
the target, then modify it to change the signature algorithm to an
invalid (or unknown to LibreOffice) algorithm and LibreOffice would incorrectly present such a signature with an unknown algorithm as a
valid signature issued by a trusted person
This issue affects LibreOffice: from 7.0 before 7.0.5, from 7.1 before 7.1.1.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-295 - Improper Certificate Validation
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| The Document Foundation | LibreOffice |
Affected:
7.0 , < 7.0.5
(7.0 series)
Affected: 7.1 , < 7.1.1 (7.1 series) |
Date Public
2021-10-11 14:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-25635",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-21T15:13:07.905943Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-21T15:13:24.100Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "LibreOffice",
"vendor": "The Document Foundation",
"versions": [
{
"lessThan": "7.0.5",
"status": "affected",
"version": "7.0",
"versionType": "7.0 series"
},
{
"lessThan": "7.1.1",
"status": "affected",
"version": "7.1",
"versionType": "7.1 series"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "NDS of Ruhr University Bochum"
}
],
"datePublic": "2021-10-11T14:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003eAn Improper Certificate Validation vulnerability in LibreOffice allowed \nan attacker to self sign an ODF document, with a signature untrusted by \nthe target, then modify it to change the signature algorithm to an \ninvalid (or unknown to LibreOffice) algorithm and LibreOffice would incorrectly present such a signature with an unknown algorithm as a \nvalid signature issued by a trusted person\u003cbr\u003e\u003c/div\u003e\u003cp\u003eThis issue affects LibreOffice: from 7.0 before 7.0.5, from 7.1 before 7.1.1.\u003c/p\u003e"
}
],
"value": "An Improper Certificate Validation vulnerability in LibreOffice allowed \nan attacker to self sign an ODF document, with a signature untrusted by \nthe target, then modify it to change the signature algorithm to an \ninvalid (or unknown to LibreOffice) algorithm and LibreOffice would incorrectly present such a signature with an unknown algorithm as a \nvalid signature issued by a trusted person\n\n\nThis issue affects LibreOffice: from 7.0 before 7.0.5, from 7.1 before 7.1.1."
}
],
"impacts": [
{
"capecId": "CAPEC-475",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-475 Signature Spoofing by Improper Validation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 5.2,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295 Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-21T14:52:50.484Z",
"orgId": "4fe7d05b-1353-44cc-8b7a-1e416936dff2",
"shortName": "Document Fdn."
},
"references": [
{
"url": "https://www.libreoffice.org/about-us/security/advisories/cve-2021-25635/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Content Manipulation with Certificate Validation Attack",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "4fe7d05b-1353-44cc-8b7a-1e416936dff2",
"assignerShortName": "Document Fdn.",
"cveId": "CVE-2021-25635",
"datePublished": "2025-03-21T14:52:50.484Z",
"dateReserved": "2021-01-19T22:48:43.994Z",
"dateUpdated": "2025-03-21T15:13:24.100Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-1080 (GCVE-0-2025-1080)
Vulnerability from cvelistv5 – Published: 2025-03-04 20:04 – Updated: 2025-11-03 19:35
VLAI
Title
Macro URL arbitrary script execution
Summary
LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. An additional scheme 'vnd.libreoffice.command' specific to LibreOffice was added. In the affected versions of LibreOffice a link in a browser using that scheme could be constructed with an embedded inner URL that when passed to LibreOffice could call internal macros with arbitrary arguments.
This issue affects LibreOffice: from 24.8 before < 24.8.5, from 25.2 before < 25.2.1.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| The Document Foundation | LibreOffice |
Affected:
24.8 , < < 24.8.5
(24.8 series)
Affected: 25.2 , < < 25.2.1 (25.2 series) |
Date Public
2025-03-04 19:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1080",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-04T20:34:55.887296Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-04T20:35:03.500Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T19:35:13.950Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/06/msg00002.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "LibreOffice",
"vendor": "The Document Foundation",
"versions": [
{
"lessThan": "\u003c 24.8.5",
"status": "affected",
"version": "24.8",
"versionType": "24.8 series"
},
{
"lessThan": "\u003c 25.2.1",
"status": "affected",
"version": "25.2",
"versionType": "25.2 series"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Thanks to Amel Bouziane-Leblond for finding and reporting this issue."
}
],
"datePublic": "2025-03-04T19:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. An additional scheme \u0027vnd.libreoffice.command\u0027 specific to LibreOffice was added. In the affected versions of LibreOffice a link in a browser using that scheme could be constructed with an embedded inner URL that when passed to LibreOffice could call internal macros with arbitrary arguments.\u003cbr\u003e\u003cp\u003eThis issue affects LibreOffice: from 24.8 before \u0026lt; 24.8.5, from 25.2 before \u0026lt; 25.2.1.\u003c/p\u003e"
}
],
"value": "LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. An additional scheme \u0027vnd.libreoffice.command\u0027 specific to LibreOffice was added. In the affected versions of LibreOffice a link in a browser using that scheme could be constructed with an embedded inner URL that when passed to LibreOffice could call internal macros with arbitrary arguments.\nThis issue affects LibreOffice: from 24.8 before \u003c 24.8.5, from 25.2 before \u003c 25.2.1."
}
],
"impacts": [
{
"capecId": "CAPEC-160",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-160 Exploit Script-Based APIs"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:L/VA:H/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-04T20:04:10.946Z",
"orgId": "4fe7d05b-1353-44cc-8b7a-1e416936dff2",
"shortName": "Document Fdn."
},
"references": [
{
"url": "https://www.libreoffice.org/about-us/security/advisories/cve-2025-1080"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Macro URL arbitrary script execution",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "4fe7d05b-1353-44cc-8b7a-1e416936dff2",
"assignerShortName": "Document Fdn.",
"cveId": "CVE-2025-1080",
"datePublished": "2025-03-04T20:04:10.946Z",
"dateReserved": "2025-02-06T13:14:08.175Z",
"dateUpdated": "2025-11-03T19:35:13.950Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-0514 (GCVE-0-2025-0514)
Vulnerability from cvelistv5 – Published: 2025-02-25 21:16 – Updated: 2025-02-25 21:29
VLAI
Title
Executable hyperlink Windows path targets executed unconditionally on activation
Summary
Improper Input Validation vulnerability in The Document Foundation LibreOffice allows Windows Executable hyperlink targets to be executed unconditionally on activation.This issue affects LibreOffice: from 24.8 before < 24.8.5.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| The Document Foundation | LibreOffice |
Affected:
24.8 , < < 24.8.5
(24.8 series)
|
Date Public
2025-02-25 20:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-0514",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-25T21:28:20.208266Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-25T21:29:02.530Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "LibreOffice",
"vendor": "The Document Foundation",
"versions": [
{
"lessThan": "\u003c 24.8.5",
"status": "affected",
"version": "24.8",
"versionType": "24.8 series"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Amel Bouziane-Leblond"
}
],
"datePublic": "2025-02-25T20:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Input Validation vulnerability in The Document Foundation LibreOffice allows Windows Executable hyperlink targets to be executed unconditionally on activation.\u003cp\u003eThis issue affects LibreOffice: from 24.8 before \u0026lt; 24.8.5.\u003c/p\u003e"
}
],
"value": "Improper Input Validation vulnerability in The Document Foundation LibreOffice allows Windows Executable hyperlink targets to be executed unconditionally on activation.This issue affects LibreOffice: from 24.8 before \u003c 24.8.5."
}
],
"impacts": [
{
"capecId": "CAPEC-126",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-126 Path Traversal"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:L/VA:H/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-25T21:16:30.521Z",
"orgId": "4fe7d05b-1353-44cc-8b7a-1e416936dff2",
"shortName": "Document Fdn."
},
"references": [
{
"url": "https://www.libreoffice.org/about-us/security/advisories/cve-2025-0514"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Executable hyperlink Windows path targets executed unconditionally on activation",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "4fe7d05b-1353-44cc-8b7a-1e416936dff2",
"assignerShortName": "Document Fdn.",
"cveId": "CVE-2025-0514",
"datePublished": "2025-02-25T21:16:30.521Z",
"dateReserved": "2025-01-16T13:17:45.230Z",
"dateUpdated": "2025-02-25T21:29:02.530Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-12426 (GCVE-0-2024-12426)
Vulnerability from cvelistv5 – Published: 2025-01-07 12:22 – Updated: 2025-11-03 20:36
VLAI
Title
URL fetching can be used to exfiltrate arbitrary INI file values and environment variables
Summary
Exposure of Environmental Variables and arbitrary INI file values to an Unauthorized Actor vulnerability in The Document Foundation LibreOffice.
URLs could be constructed which expanded environmental variables or INI file values, so potentially sensitive information could be exfiltrated to a remote server on opening a document containing such links.
This issue affects LibreOffice: from 24.8 before < 24.8.4.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| The Document Foundation | LibreOffice |
Affected:
24.8 , < < 24.8.4
(24.8 series)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-12426",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-07T14:38:29.579414Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-07T14:38:34.076Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T20:36:39.840Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00013.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "LibreOffice",
"vendor": "The Document Foundation",
"versions": [
{
"lessThan": "\u003c 24.8.4",
"status": "affected",
"version": "24.8",
"versionType": "24.8 series"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Thomas Rinsma of Codean Labs"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003eExposure of Environmental Variables and arbitrary INI file values to an Unauthorized Actor vulnerability in The Document Foundation LibreOffice.\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003eURLs could be constructed which expanded environmental variables or INI file values, so potentially sensitive information could be exfiltrated to a remote server on opening a document containing such links.\u003cbr\u003e\u003c/div\u003e\u003cp\u003eThis issue affects LibreOffice: from 24.8 before \u0026lt; 24.8.4.\u003c/p\u003e"
}
],
"value": "Exposure of Environmental Variables and arbitrary INI file values to an Unauthorized Actor vulnerability in The Document Foundation LibreOffice.\n\n\n\n\nURLs could be constructed which expanded environmental variables or INI file values, so potentially sensitive information could be exfiltrated to a remote server on opening a document containing such links.\n\n\nThis issue affects LibreOffice: from 24.8 before \u003c 24.8.4."
}
],
"impacts": [
{
"capecId": "CAPEC-13",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-13 Subverting Environment Variable Values"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-07T12:22:32.991Z",
"orgId": "4fe7d05b-1353-44cc-8b7a-1e416936dff2",
"shortName": "Document Fdn."
},
"references": [
{
"url": "https://www.libreoffice.org/about-us/security/advisories/cve-2024-12426"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "URL fetching can be used to exfiltrate arbitrary INI file values and environment variables",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "4fe7d05b-1353-44cc-8b7a-1e416936dff2",
"assignerShortName": "Document Fdn.",
"cveId": "CVE-2024-12426",
"datePublished": "2025-01-07T12:22:32.991Z",
"dateReserved": "2024-12-10T16:37:23.376Z",
"dateUpdated": "2025-11-03T20:36:39.840Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-12425 (GCVE-0-2024-12425)
Vulnerability from cvelistv5 – Published: 2025-01-07 11:15 – Updated: 2025-11-03 20:36
VLAI
Title
Path traversal leading to arbitrary .ttf file write
Summary
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in The Document Foundation LibreOffice allows Absolute Path Traversal.
An attacker can write to arbitrary locations, albeit suffixed with ".ttf", by supplying a file in a format that supports embedded font files.
This issue affects LibreOffice: from 24.8 before < 24.8.4.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| The Document Foundation | LibreOffice |
Affected:
24.8 , < < 24.8.4
(24.8 series)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-12425",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-07T14:16:49.139137Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-07T14:17:01.599Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T20:36:38.438Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00013.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "LibreOffice",
"vendor": "The Document Foundation",
"versions": [
{
"lessThan": "\u003c 24.8.4",
"status": "affected",
"version": "24.8",
"versionType": "24.8 series"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Thomas Rinsma of Codean Labs"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003eImproper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027) vulnerability in The Document Foundation LibreOffice allows Absolute Path Traversal.\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003eAn attacker can write to arbitrary locations, albeit suffixed with \".ttf\", by supplying a file in a format that supports embedded font files.\u003cbr\u003e\u003c/div\u003e\u003cp\u003eThis issue affects LibreOffice: from 24.8 before \u0026lt; 24.8.4.\u003c/p\u003e"
}
],
"value": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027) vulnerability in The Document Foundation LibreOffice allows Absolute Path Traversal.\n\n\n\n\nAn attacker can write to arbitrary locations, albeit suffixed with \".ttf\", by supplying a file in a format that supports embedded font files.\n\n\nThis issue affects LibreOffice: from 24.8 before \u003c 24.8.4."
}
],
"impacts": [
{
"capecId": "CAPEC-597",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-597 Absolute Path Traversal"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 2.4,
"baseSeverity": "LOW",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-07T11:15:08.251Z",
"orgId": "4fe7d05b-1353-44cc-8b7a-1e416936dff2",
"shortName": "Document Fdn."
},
"references": [
{
"url": "https://www.libreoffice.org/about-us/security/advisories/cve-2024-12425"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Path traversal leading to arbitrary .ttf file write",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "4fe7d05b-1353-44cc-8b7a-1e416936dff2",
"assignerShortName": "Document Fdn.",
"cveId": "CVE-2024-12425",
"datePublished": "2025-01-07T11:15:08.251Z",
"dateReserved": "2024-12-10T16:37:20.903Z",
"dateUpdated": "2025-11-03T20:36:38.438Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-7788 (GCVE-0-2024-7788)
Vulnerability from cvelistv5 – Published: 2024-09-17 14:28 – Updated: 2024-10-12 13:05
VLAI
Title
Signatures in "repair mode" should not be trusted
Summary
Improper Digital Signature Invalidation vulnerability in Zip Repair Mode of The Document Foundation LibreOffice allows Signature forgery vulnerability in LibreOfficeThis issue affects LibreOffice: from 24.2 before < 24.2.5.
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-347 - Improper Verification of Cryptographic Signature
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| The Document Foundation | LibreOffice |
Affected:
24.2 , < < 24.2.5
(24.2 series)
|
|
| thedocumentfoundation | libreoffice |
Affected:
24.2 , < 24.2.5
(custom)
cpe:2.3:a:thedocumentfoundation:libreoffice:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:thedocumentfoundation:libreoffice:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "libreoffice",
"vendor": "thedocumentfoundation",
"versions": [
{
"lessThan": "24.2.5",
"status": "affected",
"version": "24.2",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-7788",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-17T15:52:01.086783Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T15:55:47.097Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-10-12T13:05:35.355Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00007.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "LibreOffice",
"vendor": "The Document Foundation",
"versions": [
{
"lessThan": "\u003c 24.2.5",
"status": "affected",
"version": "24.2",
"versionType": "24.2 series"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Thanks to Thanks to Yufan You for finding and reporting this issue"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Thanks to Michael Stahl of allotropia for providing a fix"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Digital Signature Invalidation\u0026nbsp; vulnerability in Zip Repair Mode of The Document Foundation LibreOffice allows \u003cspan style=\"background-color: rgb(246, 245, 244);\"\u003eSignature forgery vulnerability in LibreOffice\u003c/span\u003e\u003cp\u003eThis issue affects LibreOffice: from 24.2 before \u0026lt; 24.2.5.\u003c/p\u003e"
}
],
"value": "Improper Digital Signature Invalidation\u00a0 vulnerability in Zip Repair Mode of The Document Foundation LibreOffice allows Signature forgery vulnerability in LibreOfficeThis issue affects LibreOffice: from 24.2 before \u003c 24.2.5."
}
],
"impacts": [
{
"capecId": "CAPEC-477",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-477 Signature Spoofing by Mixing Signed and Unsigned Content"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-347",
"description": "CWE-347 Improper Verification of Cryptographic Signature",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T14:28:36.075Z",
"orgId": "4fe7d05b-1353-44cc-8b7a-1e416936dff2",
"shortName": "Document Fdn."
},
"references": [
{
"url": "https://www.libreoffice.org/about-us/security/advisories/CVE-2024-7788"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Signatures in \"repair mode\" should not be trusted",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "4fe7d05b-1353-44cc-8b7a-1e416936dff2",
"assignerShortName": "Document Fdn.",
"cveId": "CVE-2024-7788",
"datePublished": "2024-09-17T14:28:36.075Z",
"dateReserved": "2024-08-14T11:41:07.960Z",
"dateUpdated": "2024-10-12T13:05:35.355Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-6472 (GCVE-0-2024-6472)
Vulnerability from cvelistv5 – Published: 2024-08-05 12:55 – Updated: 2024-08-05 14:32
VLAI
Title
Ability to trust not validated macro signatures removed in high security mode
Summary
Certificate Validation user interface in LibreOffice allows potential vulnerability.
Signed macros are scripts that have been digitally signed by the
developer using a cryptographic signature. When a document with a signed
macro is opened a warning is displayed by LibreOffice before the macro
is executed.
Previously if verification failed the user could fail to understand the failure and choose to enable the macros anyway.
This issue affects LibreOffice: from 24.2 before 24.2.5.
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-295 - Improper Certificate Validation
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| The Document Foundation | LibreOffice |
Affected:
24.2 , < 24.2.5
(24.2 series)
|
|
| the_document_foundation | libreoffice |
Affected:
24.2 , < 24.2.5
(custom)
cpe:2.3:a:the_document_foundation:libreoffice:*:*:*:*:*:*:*:* |
Date Public
2024-08-05 12:00
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:the_document_foundation:libreoffice:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "libreoffice",
"vendor": "the_document_foundation",
"versions": [
{
"lessThan": "24.2.5",
"status": "affected",
"version": "24.2",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-6472",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-05T14:28:03.223479Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-05T14:32:48.640Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "LibreOffice",
"vendor": "The Document Foundation",
"versions": [
{
"lessThan": "24.2.5",
"status": "affected",
"version": "24.2",
"versionType": "24.2 series"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Thanks to OpenSource Security GmbH on behalf of the German Federal Office for Information Security"
}
],
"datePublic": "2024-08-05T12:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003eCertificate Validation user interface in LibreOffice allows potential vulnerability.\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003eSigned macros are scripts that have been digitally signed by the \ndeveloper using a cryptographic signature. When a document with a signed\n macro is opened a warning is displayed by LibreOffice before the macro \nis executed.\u003cbr\u003e\u003cbr\u003ePreviously if verification failed the user could fail to understand the failure and choose to enable the macros anyway.\u003cbr\u003e\u003c/div\u003e\u003cp\u003eThis issue affects LibreOffice: from 24.2 before 24.2.5.\u003c/p\u003e"
}
],
"value": "Certificate Validation user interface in LibreOffice allows potential vulnerability.\n\n\n\n\nSigned macros are scripts that have been digitally signed by the \ndeveloper using a cryptographic signature. When a document with a signed\n macro is opened a warning is displayed by LibreOffice before the macro \nis executed.\n\nPreviously if verification failed the user could fail to understand the failure and choose to enable the macros anyway.\n\n\nThis issue affects LibreOffice: from 24.2 before 24.2.5."
}
],
"impacts": [
{
"capecId": "CAPEC-21",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-21 Exploitation of Trusted Identifiers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295 Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-05T12:55:39.199Z",
"orgId": "4fe7d05b-1353-44cc-8b7a-1e416936dff2",
"shortName": "Document Fdn."
},
"references": [
{
"url": "https://www.libreoffice.org/about-us/security/advisories/CVE-2024-6472"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Ability to trust not validated macro signatures removed in high security mode",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "4fe7d05b-1353-44cc-8b7a-1e416936dff2",
"assignerShortName": "Document Fdn.",
"cveId": "CVE-2024-6472",
"datePublished": "2024-08-05T12:55:39.199Z",
"dateReserved": "2024-07-03T09:26:27.358Z",
"dateUpdated": "2024-08-05T14:32:48.640Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-5261 (GCVE-0-2024-5261)
Vulnerability from cvelistv5 – Published: 2024-06-25 12:44 – Updated: 2024-08-01 21:11
VLAI
Title
TLS certificate are not properly verified when utilizing LibreOfficeKit
Summary
Improper Certificate Validation vulnerability in LibreOffice "LibreOfficeKit" mode disables TLS certification verification
LibreOfficeKit can be used for accessing LibreOffice functionality
through C/C++. Typically this is used by third party components to reuse
LibreOffice as a library to convert, view or otherwise interact with
documents.
LibreOffice internally makes use of "curl" to fetch remote resources such as images hosted on webservers.
In
affected versions of LibreOffice, when used in LibreOfficeKit mode
only, then curl's TLS certification verification was disabled
(CURLOPT_SSL_VERIFYPEER of false)
In the fixed versions curl operates in LibreOfficeKit mode the same as in standard mode with CURLOPT_SSL_VERIFYPEER of true.
This issue affects LibreOffice before version 24.2.4.
Severity
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-295 - Improper Certificate Validation
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| The Document Foundation | LibreOffice |
Affected:
24.2 , < 24.2.4
(24.2 series)
|
|
| libreoffice | libreoffice |
Affected:
0 , < 24.2.4
(custom)
cpe:2.3:a:libreoffice:libreoffice:24.2.4:*:*:*:*:*:*:* |
Date Public
2024-06-25 13:00
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:libreoffice:libreoffice:24.2.4:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "libreoffice",
"vendor": "libreoffice",
"versions": [
{
"lessThan": "24.2.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-5261",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-25T13:27:12.094894Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-25T13:29:25.699Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:11:11.609Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.libreoffice.org/about-us/security/advisories/cve-2024-5261"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "LibreOffice",
"vendor": "The Document Foundation",
"versions": [
{
"lessThan": "24.2.4",
"status": "affected",
"version": "24.2",
"versionType": "24.2 series"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "OpenSource Security GmbH"
}
],
"datePublic": "2024-06-25T13:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003eImproper Certificate Validation vulnerability in LibreOffice \"LibreOfficeKit\" mode disables TLS certification verification\u003c/div\u003e\u003cdiv\u003e\u003cp\u003eLibreOfficeKit can be used for accessing LibreOffice functionality \nthrough C/C++. Typically this is used by third party components to reuse\n LibreOffice as a library to convert, view or otherwise interact with \ndocuments.\u003c/p\u003e\u003cp\u003eLibreOffice internally makes use of \"curl\" to fetch remote resources such as images hosted on webservers.\u003c/p\u003e\u003cp\u003eIn\n affected versions of LibreOffice, when used in LibreOfficeKit mode \nonly, then curl\u0027s TLS certification verification was disabled \n(CURLOPT_SSL_VERIFYPEER of false)\u003cbr\u003e\u003cbr\u003eIn the fixed versions curl operates in LibreOfficeKit mode the same as in standard mode with CURLOPT_SSL_VERIFYPEER of true.\u003c/p\u003eThis issue affects LibreOffice before version 24.2.4.\u003c/div\u003e"
}
],
"value": "Improper Certificate Validation vulnerability in LibreOffice \"LibreOfficeKit\" mode disables TLS certification verification\n\nLibreOfficeKit can be used for accessing LibreOffice functionality \nthrough C/C++. Typically this is used by third party components to reuse\n LibreOffice as a library to convert, view or otherwise interact with \ndocuments.\n\nLibreOffice internally makes use of \"curl\" to fetch remote resources such as images hosted on webservers.\n\nIn\n affected versions of LibreOffice, when used in LibreOfficeKit mode \nonly, then curl\u0027s TLS certification verification was disabled \n(CURLOPT_SSL_VERIFYPEER of false)\n\nIn the fixed versions curl operates in LibreOfficeKit mode the same as in standard mode with CURLOPT_SSL_VERIFYPEER of true.\n\nThis issue affects LibreOffice before version 24.2.4."
}
],
"impacts": [
{
"capecId": "CAPEC-94",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-94 Adversary in the Middle (AiTM)"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295 Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-25T12:44:24.251Z",
"orgId": "4fe7d05b-1353-44cc-8b7a-1e416936dff2",
"shortName": "Document Fdn."
},
"references": [
{
"url": "https://www.libreoffice.org/about-us/security/advisories/cve-2024-5261"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "TLS certificate are not properly verified when utilizing LibreOfficeKit",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "4fe7d05b-1353-44cc-8b7a-1e416936dff2",
"assignerShortName": "Document Fdn.",
"cveId": "CVE-2024-5261",
"datePublished": "2024-06-25T12:44:24.251Z",
"dateReserved": "2024-05-23T07:20:08.542Z",
"dateUpdated": "2024-08-01T21:11:11.609Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-3044 (GCVE-0-2024-3044)
Vulnerability from cvelistv5 – Published: 2024-05-14 20:19 – Updated: 2024-11-12 20:14
VLAI
Title
Graphic on-click binding allows unchecked script execution
Summary
Unchecked script execution in Graphic on-click binding in affected LibreOffice versions allows an attacker to create a document which without prompt will execute scripts built-into LibreOffice on clicking a graphic. Such scripts were previously deemed trusted but are now deemed untrusted.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| The Document Foundation | LibreOffice |
Affected:
7.6 , < 7.6.7
(7.6 series)
Affected: 24.2 , < 24.2.3 (24.2 series) |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-3044",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-16T18:55:50.828860Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-12T20:14:27.961Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T19:32:42.580Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.libreoffice.org/about-us/security/advisories/CVE-2024-3044"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00016.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3TU3TYDXICKPYHMCNL7ARYYBXACEAYJ4/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "LibreOffice",
"vendor": "The Document Foundation",
"versions": [
{
"lessThan": "7.6.7",
"status": "affected",
"version": "7.6",
"versionType": "7.6 series"
},
{
"lessThan": "24.2.3",
"status": "affected",
"version": "24.2",
"versionType": "24.2 series"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Thanks to Amel Bouziane-Leblond for for finding and reporting this issue."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Unchecked script execution in Graphic on-click binding in affected LibreOffice versions allows an attacker to create a document which without prompt will execute scripts built-into LibreOffice on clicking a graphic. Such scripts were previously deemed trusted but are now deemed untrusted.\u003cbr\u003e"
}
],
"value": "Unchecked script execution in Graphic on-click binding in affected LibreOffice versions allows an attacker to create a document which without prompt will execute scripts built-into LibreOffice on clicking a graphic. Such scripts were previously deemed trusted but are now deemed untrusted."
}
],
"impacts": [
{
"capecId": "CAPEC-160",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-160 Exploit Script-Based APIs"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-356",
"description": "CWE-356 Product UI does not Warn User of Unsafe Actions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-20T10:09:29.430Z",
"orgId": "4fe7d05b-1353-44cc-8b7a-1e416936dff2",
"shortName": "Document Fdn."
},
"references": [
{
"url": "https://www.libreoffice.org/about-us/security/advisories/CVE-2024-3044"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00016.html"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3TU3TYDXICKPYHMCNL7ARYYBXACEAYJ4/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Graphic on-click binding allows unchecked script execution",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "4fe7d05b-1353-44cc-8b7a-1e416936dff2",
"assignerShortName": "Document Fdn.",
"cveId": "CVE-2024-3044",
"datePublished": "2024-05-14T20:19:51.426Z",
"dateReserved": "2024-03-28T15:28:21.866Z",
"dateUpdated": "2024-11-12T20:14:27.961Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-36268 (GCVE-0-2023-36268)
Vulnerability from cvelistv5 – Published: 2024-04-30 00:00 – Updated: 2024-09-20 08:51
VLAI
DoS issues, or unexploitable crashes, are out of scope for vulnerabilities.
Show details on NVD website{
"containers": {
"cna": {
"providerMetadata": {
"dateUpdated": "2024-09-20T08:51:59.529Z",
"orgId": "4fe7d05b-1353-44cc-8b7a-1e416936dff2",
"shortName": "Document Fdn."
},
"rejectedReasons": [
{
"lang": "en",
"value": "DoS issues, or unexploitable crashes, are out of scope for vulnerabilities."
}
]
}
},
"cveMetadata": {
"assignerOrgId": "4fe7d05b-1353-44cc-8b7a-1e416936dff2",
"assignerShortName": "Document Fdn.",
"cveId": "CVE-2023-36268",
"datePublished": "2024-04-30T00:00:00.000Z",
"dateRejected": "2024-09-20T08:51:59.529Z",
"dateReserved": "2023-06-21T00:00:00.000Z",
"dateUpdated": "2024-09-20T08:51:59.529Z",
"state": "REJECTED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-6186 (GCVE-0-2023-6186)
Vulnerability from cvelistv5 – Published: 2023-12-11 11:56 – Updated: 2025-02-13 17:26
VLAI
Title
Link targets allow arbitrary script execution
Summary
Insufficient macro permission validation of The Document Foundation LibreOffice allows an attacker to execute built-in macros without warning.
In affected versions LibreOffice supports hyperlinks with macro or similar built-in command targets that can be executed when activated without warning the user.
Severity
8.3 (High)
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| The Document Foundation | LibreOffice |
Affected:
7.5 , < 7.5.9
(7.5 series)
Affected: 7.6 , < 7.6.4 (7.6 series) |
Date Public
2023-12-11 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:21:17.742Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.libreoffice.org/about-us/security/advisories/cve-2023-6186"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5574"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QB7UB6CTWQUDOE657OVVRSDYUY3IPBJG/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00026.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "LibreOffice",
"vendor": "The Document Foundation",
"versions": [
{
"lessThan": "7.5.9",
"status": "affected",
"version": "7.5",
"versionType": "7.5 series"
},
{
"lessThan": "7.6.4",
"status": "affected",
"version": "7.6",
"versionType": "7.6 series"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Thanks to Reginaldo Silva of ubercomp.com for finding and reporting this issue"
}
],
"datePublic": "2023-12-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003eInsufficient macro permission validation of The Document Foundation LibreOffice allows an attacker to execute built-in macros without warning.\u003c/div\u003e\u003cdiv\u003eIn affected versions LibreOffice supports hyperlinks with macro or similar built-in command targets that can be executed when activated without warning the user.\u003cbr\u003e\u003c/div\u003e"
}
],
"value": "Insufficient macro permission validation of The Document Foundation LibreOffice allows an attacker to execute built-in macros without warning.\n\nIn affected versions LibreOffice supports hyperlinks with macro or similar built-in command targets that can be executed when activated without warning the user."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-31T14:06:33.556Z",
"orgId": "4fe7d05b-1353-44cc-8b7a-1e416936dff2",
"shortName": "Document Fdn."
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.libreoffice.org/about-us/security/advisories/cve-2023-6186"
},
{
"url": "https://www.debian.org/security/2023/dsa-5574"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QB7UB6CTWQUDOE657OVVRSDYUY3IPBJG/"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00026.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Link targets allow arbitrary script execution",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "4fe7d05b-1353-44cc-8b7a-1e416936dff2",
"assignerShortName": "Document Fdn.",
"cveId": "CVE-2023-6186",
"datePublished": "2023-12-11T11:56:40.349Z",
"dateReserved": "2023-11-17T09:15:24.395Z",
"dateUpdated": "2025-02-13T17:26:08.751Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-6185 (GCVE-0-2023-6185)
Vulnerability from cvelistv5 – Published: 2023-12-11 11:52 – Updated: 2025-02-13 17:26
VLAI
Title
Improper input validation enabling arbitrary Gstreamer pipeline injection
Summary
Improper Input Validation vulnerability in GStreamer integration of The Document Foundation LibreOffice allows an attacker to execute arbitrary GStreamer plugins.
In affected versions the filename of the embedded video is not sufficiently escaped when passed to GStreamer enabling an attacker to run arbitrary gstreamer plugins depending on what plugins are installed on the target system.
Severity
8.3 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| The Document Foundation | LibreOffice |
Affected:
7.5 , < 7.5.9
(7.5 series)
Affected: 7.6 , < 7.6.3 (7.6 series) |
Date Public
2023-12-11 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:21:17.741Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.libreoffice.org/about-us/security/advisories/cve-2023-6185"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5574"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QB7UB6CTWQUDOE657OVVRSDYUY3IPBJG/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00026.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-6185",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2023-12-20T16:47:31.483769Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-02T16:58:58.281Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "LibreOffice",
"vendor": "The Document Foundation",
"versions": [
{
"lessThan": "7.5.9",
"status": "affected",
"version": "7.5",
"versionType": "7.5 series"
},
{
"lessThan": "7.6.3",
"status": "affected",
"version": "7.6",
"versionType": "7.6 series"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Thanks to Reginaldo Silva of ubercomp.com for finding and reporting this issue"
}
],
"datePublic": "2023-12-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003eImproper Input Validation vulnerability in GStreamer integration of The Document Foundation LibreOffice allows an attacker to execute arbitrary GStreamer plugins.\u003c/div\u003e\u003cdiv\u003eIn affected versions the filename of the embedded video is not sufficiently escaped when passed to GStreamer enabling an attacker to run arbitrary gstreamer plugins depending on what plugins are installed on the target system.\u003c/div\u003e"
}
],
"value": "Improper Input Validation vulnerability in GStreamer integration of The Document Foundation LibreOffice allows an attacker to execute arbitrary GStreamer plugins.\n\nIn affected versions the filename of the embedded video is not sufficiently escaped when passed to GStreamer enabling an attacker to run arbitrary gstreamer plugins depending on what plugins are installed on the target system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-31T14:06:29.950Z",
"orgId": "4fe7d05b-1353-44cc-8b7a-1e416936dff2",
"shortName": "Document Fdn."
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.libreoffice.org/about-us/security/advisories/cve-2023-6185"
},
{
"url": "https://www.debian.org/security/2023/dsa-5574"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QB7UB6CTWQUDOE657OVVRSDYUY3IPBJG/"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00026.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Improper input validation enabling arbitrary Gstreamer pipeline injection",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "4fe7d05b-1353-44cc-8b7a-1e416936dff2",
"assignerShortName": "Document Fdn.",
"cveId": "CVE-2023-6185",
"datePublished": "2023-12-11T11:52:06.388Z",
"dateReserved": "2023-11-17T09:15:06.687Z",
"dateUpdated": "2025-02-13T17:26:08.159Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-2255 (GCVE-0-2023-2255)
Vulnerability from cvelistv5 – Published: 2023-05-25 00:00 – Updated: 2024-08-02 06:19
VLAI
Title
Remote documents loaded without prompt via IFrame
Summary
Improper access control in editor components of The Document Foundation LibreOffice allowed an attacker to craft a document that would cause external links to be loaded without prompt. In the affected versions of LibreOffice documents that used "floating frames" linked to external files, would load the contents of those frames without prompting the user for permission to do so. This was inconsistent with the treatment of other linked content in LibreOffice. This issue affects: The Document Foundation LibreOffice 7.4 versions prior to 7.4.7; 7.5 versions prior to 7.5.3.
Severity
No CVSS data available.
CWE
- CWE-264 - Permissions, Privileges, and Access Controls
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://www.libreoffice.org/about-us/security/adv… | |
| https://www.debian.org/security/2023/dsa-5415 | vendor-advisory |
| https://lists.debian.org/debian-lts-announce/2023… | mailing-list |
| https://security.gentoo.org/glsa/202311-15 | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| The Document Foundation | LibreOffice |
Affected:
7.4 , < 7.4.7
(custom)
Affected: 7.5 , < 7.5.3 (custom) |
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:19:14.082Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.libreoffice.org/about-us/security/advisories/CVE-2023-2255"
},
{
"name": "DSA-5415",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5415"
},
{
"name": "[debian-lts-announce] 20230813 [SECURITY] [DLA 3526-1] libreoffice security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00014.html"
},
{
"name": "GLSA-202311-15",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202311-15"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "LibreOffice",
"vendor": "The Document Foundation",
"versions": [
{
"lessThan": "7.4.7",
"status": "affected",
"version": "7.4",
"versionType": "custom"
},
{
"lessThan": "7.5.3",
"status": "affected",
"version": "7.5",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Amel Bouziane-Leblond for discovering and reporting the issue"
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper access control in editor components of The Document Foundation LibreOffice allowed an attacker to craft a document that would cause external links to be loaded without prompt. In the affected versions of LibreOffice documents that used \"floating frames\" linked to external files, would load the contents of those frames without prompting the user for permission to do so. This was inconsistent with the treatment of other linked content in LibreOffice. This issue affects: The Document Foundation LibreOffice 7.4 versions prior to 7.4.7; 7.5 versions prior to 7.5.3."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-264",
"description": "CWE-264 Permissions, Privileges, and Access Controls",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-26T09:06:16.295Z",
"orgId": "4fe7d05b-1353-44cc-8b7a-1e416936dff2",
"shortName": "Document Fdn."
},
"references": [
{
"url": "https://www.libreoffice.org/about-us/security/advisories/CVE-2023-2255"
},
{
"name": "DSA-5415",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5415"
},
{
"name": "[debian-lts-announce] 20230813 [SECURITY] [DLA 3526-1] libreoffice security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00014.html"
},
{
"name": "GLSA-202311-15",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202311-15"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Remote documents loaded without prompt via IFrame",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "4fe7d05b-1353-44cc-8b7a-1e416936dff2",
"assignerShortName": "Document Fdn.",
"cveId": "CVE-2023-2255",
"datePublished": "2023-05-25T00:00:00.000Z",
"dateReserved": "2023-04-24T00:00:00.000Z",
"dateUpdated": "2024-08-02T06:19:14.082Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-0950 (GCVE-0-2023-0950)
Vulnerability from cvelistv5 – Published: 2023-05-25 00:00 – Updated: 2025-04-23 16:21
VLAI
Title
Array Index UnderFlow in Calc Formula Parsing
Summary
Improper Validation of Array Index vulnerability in the spreadsheet component of The Document Foundation LibreOffice allows an attacker to craft a spreadsheet document that will cause an array index underflow when loaded. In the affected versions of LibreOffice certain malformed spreadsheet formulas, such as AGGREGATE, could be created with less parameters passed to the formula interpreter than it expected, leading to an array index underflow, in which case there is a risk that arbitrary code could be executed. This issue affects: The Document Foundation LibreOffice 7.4 versions prior to 7.4.6; 7.5 versions prior to 7.5.1.
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-129 - Improper Validation of Array Index
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://www.libreoffice.org/about-us/security/adv… | |
| https://www.debian.org/security/2023/dsa-5415 | vendor-advisory |
| https://lists.debian.org/debian-lts-announce/2023… | mailing-list |
| https://security.gentoo.org/glsa/202311-15 | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| The Document Foundation | LibreOffice |
Affected:
7.4 , < 7.4.6
(custom)
Affected: 7.5 , < 7.5.1 (custom) |
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:32:46.025Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.libreoffice.org/about-us/security/advisories/CVE-2023-0950"
},
{
"name": "DSA-5415",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5415"
},
{
"name": "[debian-lts-announce] 20230813 [SECURITY] [DLA 3526-1] libreoffice security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00014.html"
},
{
"name": "GLSA-202311-15",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202311-15"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-0950",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T13:28:15.822093Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T16:21:38.994Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "LibreOffice",
"vendor": "The Document Foundation",
"versions": [
{
"lessThan": "7.4.6",
"status": "affected",
"version": "7.4",
"versionType": "custom"
},
{
"lessThan": "7.5.1",
"status": "affected",
"version": "7.5",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Secusmart GmbH for discovering and reporting the issue"
},
{
"lang": "en",
"value": "Eike Rathke of Red Hat, Inc. for a solution"
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper Validation of Array Index vulnerability in the spreadsheet component of The Document Foundation LibreOffice allows an attacker to craft a spreadsheet document that will cause an array index underflow when loaded. In the affected versions of LibreOffice certain malformed spreadsheet formulas, such as AGGREGATE, could be created with less parameters passed to the formula interpreter than it expected, leading to an array index underflow, in which case there is a risk that arbitrary code could be executed. This issue affects: The Document Foundation LibreOffice 7.4 versions prior to 7.4.6; 7.5 versions prior to 7.5.1."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-129",
"description": "CWE-129 Improper Validation of Array Index",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-26T09:06:14.773Z",
"orgId": "4fe7d05b-1353-44cc-8b7a-1e416936dff2",
"shortName": "Document Fdn."
},
"references": [
{
"url": "https://www.libreoffice.org/about-us/security/advisories/CVE-2023-0950"
},
{
"name": "DSA-5415",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5415"
},
{
"name": "[debian-lts-announce] 20230813 [SECURITY] [DLA 3526-1] libreoffice security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00014.html"
},
{
"name": "GLSA-202311-15",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202311-15"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Array Index UnderFlow in Calc Formula Parsing",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "4fe7d05b-1353-44cc-8b7a-1e416936dff2",
"assignerShortName": "Document Fdn.",
"cveId": "CVE-2023-0950",
"datePublished": "2023-05-25T00:00:00.000Z",
"dateReserved": "2023-02-22T00:00:00.000Z",
"dateUpdated": "2025-04-23T16:21:38.994Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-3140 (GCVE-0-2022-3140)
Vulnerability from cvelistv5 – Published: 2022-10-11 00:00 – Updated: 2024-08-03 01:00
VLAI
Title
Macro URL arbitrary script execution
Summary
LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. An additional scheme 'vnd.libreoffice.command' specific to LibreOffice was added. In the affected versions of LibreOffice links using that scheme could be constructed to call internal macros with arbitrary arguments. Which when clicked on, or activated by document events, could result in arbitrary script execution without warning. This issue affects: The Document Foundation LibreOffice 7.4 versions prior to 7.4.1; 7.3 versions prior to 7.3.6.
Severity
No CVSS data available.
CWE
- CWE-20 - Improper Input Validation
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://www.libreoffice.org/about-us/security/adv… | |
| https://www.debian.org/security/2022/dsa-5252 | vendor-advisory |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisory |
| https://security.gentoo.org/glsa/202212-04 | vendor-advisory |
| https://lists.debian.org/debian-lts-announce/2023… | mailing-list |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| The Document Foundation | LibreOffice |
Affected:
7.4 , < 7.4.1
(custom)
Affected: 7.3 , < 7.3.6 (custom) |
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:00:10.521Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.libreoffice.org/about-us/security/advisories/CVE-2022-3140"
},
{
"name": "DSA-5252",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5252"
},
{
"name": "FEDORA-2022-775c747e4a",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TORANVTIWWBH3DNJR4UZATAG67KZOH32/"
},
{
"name": "GLSA-202212-04",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202212-04"
},
{
"name": "[debian-lts-announce] 20230326 [SECURITY] [DLA 3368-1] libreoffice security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00022.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "LibreOffice",
"vendor": "The Document Foundation",
"versions": [
{
"lessThan": "7.4.1",
"status": "affected",
"version": "7.4",
"versionType": "custom"
},
{
"lessThan": "7.3.6",
"status": "affected",
"version": "7.3",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "TheSecurityDev working with Trend Micro Zero Day Initiative"
}
],
"descriptions": [
{
"lang": "en",
"value": "LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. An additional scheme \u0027vnd.libreoffice.command\u0027 specific to LibreOffice was added. In the affected versions of LibreOffice links using that scheme could be constructed to call internal macros with arbitrary arguments. Which when clicked on, or activated by document events, could result in arbitrary script execution without warning. This issue affects: The Document Foundation LibreOffice 7.4 versions prior to 7.4.1; 7.3 versions prior to 7.3.6."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-26T00:00:00.000Z",
"orgId": "4fe7d05b-1353-44cc-8b7a-1e416936dff2",
"shortName": "Document Fdn."
},
"references": [
{
"url": "https://www.libreoffice.org/about-us/security/advisories/CVE-2022-3140"
},
{
"name": "DSA-5252",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5252"
},
{
"name": "FEDORA-2022-775c747e4a",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TORANVTIWWBH3DNJR4UZATAG67KZOH32/"
},
{
"name": "GLSA-202212-04",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202212-04"
},
{
"name": "[debian-lts-announce] 20230326 [SECURITY] [DLA 3368-1] libreoffice security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00022.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Macro URL arbitrary script execution",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "4fe7d05b-1353-44cc-8b7a-1e416936dff2",
"assignerShortName": "Document Fdn.",
"cveId": "CVE-2022-3140",
"datePublished": "2022-10-11T00:00:00.000Z",
"dateReserved": "2022-09-06T00:00:00.000Z",
"dateUpdated": "2024-08-03T01:00:10.521Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-26307 (GCVE-0-2022-26307)
Vulnerability from cvelistv5 – Published: 2022-07-25 00:00 – Updated: 2024-08-03 05:03
VLAI
Title
Weak Master Keys
Summary
LibreOffice supports the storage of passwords for web connections in the user’s configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw in LibreOffice existed where master key was poorly encoded resulting in weakening its entropy from 128 to 43 bits making the stored passwords vulerable to a brute force attack if an attacker has access to the users stored config. This issue affects: The Document Foundation LibreOffice 7.2 versions prior to 7.2.7; 7.3 versions prior to 7.3.3.
Severity
No CVSS data available.
CWE
- CWE-326 - Inadequate Encryption Strength
Assigner
References
3 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| The Document Foundation | LibreOffice |
Affected:
7.2 , < 7.2.7
(custom)
Affected: 7.3 , < 7.3.3 (custom) |
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:03:31.842Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.libreoffice.org/about-us/security/advisories/cve-2022-26307"
},
{
"name": "[oss-security] 20220812 CVE-2022-37401: Apache OpenOffice Weak Master Keys",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/08/13/2"
},
{
"name": "[debian-lts-announce] 20230326 [SECURITY] [DLA 3368-1] libreoffice security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00022.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "LibreOffice",
"vendor": "The Document Foundation",
"versions": [
{
"lessThan": "7.2.7",
"status": "affected",
"version": "7.2",
"versionType": "custom"
},
{
"lessThan": "7.3.3",
"status": "affected",
"version": "7.3",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "OpenSource Security GmbH on behalf of the German Federal Office for Information Security"
}
],
"descriptions": [
{
"lang": "en",
"value": "LibreOffice supports the storage of passwords for web connections in the user\u2019s configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw in LibreOffice existed where master key was poorly encoded resulting in weakening its entropy from 128 to 43 bits making the stored passwords vulerable to a brute force attack if an attacker has access to the users stored config. This issue affects: The Document Foundation LibreOffice 7.2 versions prior to 7.2.7; 7.3 versions prior to 7.3.3."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-326",
"description": "CWE-326 Inadequate Encryption Strength",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-26T00:00:00.000Z",
"orgId": "4fe7d05b-1353-44cc-8b7a-1e416936dff2",
"shortName": "Document Fdn."
},
"references": [
{
"url": "https://www.libreoffice.org/about-us/security/advisories/cve-2022-26307"
},
{
"name": "[oss-security] 20220812 CVE-2022-37401: Apache OpenOffice Weak Master Keys",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2022/08/13/2"
},
{
"name": "[debian-lts-announce] 20230326 [SECURITY] [DLA 3368-1] libreoffice security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00022.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Weak Master Keys",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "4fe7d05b-1353-44cc-8b7a-1e416936dff2",
"assignerShortName": "Document Fdn.",
"cveId": "CVE-2022-26307",
"datePublished": "2022-07-25T00:00:00.000Z",
"dateReserved": "2022-02-28T00:00:00.000Z",
"dateUpdated": "2024-08-03T05:03:31.842Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-26305 (GCVE-0-2022-26305)
Vulnerability from cvelistv5 – Published: 2022-07-25 00:00 – Updated: 2024-08-03 05:03
VLAI
Title
Execution of Untrusted Macros Due to Improper Certificate Validation
Summary
An Improper Certificate Validation vulnerability in LibreOffice existed where determining if a macro was signed by a trusted author was done by only matching the serial number and issuer string of the used certificate with that of a trusted certificate. This is not sufficient to verify that the macro was actually signed with the certificate. An adversary could therefore create an arbitrary certificate with a serial number and an issuer string identical to a trusted certificate which LibreOffice would present as belonging to the trusted author, potentially leading to the user to execute arbitrary code contained in macros improperly trusted. This issue affects: The Document Foundation LibreOffice 7.2 versions prior to 7.2.7; 7.3 versions prior to 7.3.1.
Severity
No CVSS data available.
CWE
- CWE-295 - Improper Certificate Validation
Assigner
References
2 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| The Document Foundation | LibreOffice |
Affected:
7.2 , < 7.2.7
(custom)
Affected: 7.3 , < 7.3.1 (custom) |
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:03:31.146Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.libreoffice.org/about-us/security/advisories/cve-2022-26305"
},
{
"name": "[debian-lts-announce] 20230326 [SECURITY] [DLA 3368-1] libreoffice security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00022.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "LibreOffice",
"vendor": "The Document Foundation",
"versions": [
{
"lessThan": "7.2.7",
"status": "affected",
"version": "7.2",
"versionType": "custom"
},
{
"lessThan": "7.3.1",
"status": "affected",
"version": "7.3",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "OpenSource Security GmbH on behalf of the German Federal Office for Information Security"
}
],
"descriptions": [
{
"lang": "en",
"value": "An Improper Certificate Validation vulnerability in LibreOffice existed where determining if a macro was signed by a trusted author was done by only matching the serial number and issuer string of the used certificate with that of a trusted certificate. This is not sufficient to verify that the macro was actually signed with the certificate. An adversary could therefore create an arbitrary certificate with a serial number and an issuer string identical to a trusted certificate which LibreOffice would present as belonging to the trusted author, potentially leading to the user to execute arbitrary code contained in macros improperly trusted. This issue affects: The Document Foundation LibreOffice 7.2 versions prior to 7.2.7; 7.3 versions prior to 7.3.1."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295 Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-26T00:00:00.000Z",
"orgId": "4fe7d05b-1353-44cc-8b7a-1e416936dff2",
"shortName": "Document Fdn."
},
"references": [
{
"url": "https://www.libreoffice.org/about-us/security/advisories/cve-2022-26305"
},
{
"name": "[debian-lts-announce] 20230326 [SECURITY] [DLA 3368-1] libreoffice security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00022.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Execution of Untrusted Macros Due to Improper Certificate Validation",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "4fe7d05b-1353-44cc-8b7a-1e416936dff2",
"assignerShortName": "Document Fdn.",
"cveId": "CVE-2022-26305",
"datePublished": "2022-07-25T00:00:00.000Z",
"dateReserved": "2022-02-28T00:00:00.000Z",
"dateUpdated": "2024-08-03T05:03:31.146Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-26306 (GCVE-0-2022-26306)
Vulnerability from cvelistv5 – Published: 2022-07-25 00:00 – Updated: 2024-08-03 05:03
VLAI
Title
Execution of Untrusted Macros Due to Improper Certificate Validation
Summary
LibreOffice supports the storage of passwords for web connections in the user’s configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw in LibreOffice existed where the required initialization vector for encryption was always the same which weakens the security of the encryption making them vulnerable if an attacker has access to the user's configuration data. This issue affects: The Document Foundation LibreOffice 7.2 versions prior to 7.2.7; 7.3 versions prior to 7.3.1.
Severity
No CVSS data available.
CWE
- CWE-326 - Inadequate Encryption Strength
Assigner
References
3 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| The Document Foundation | LibreOffice |
Affected:
7.2 , < 7.2.7
(custom)
Affected: 7.3 , < 7.3.1 (custom) |
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:03:31.153Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.libreoffice.org/about-us/security/advisories/cve-2022-26306"
},
{
"name": "[oss-security] 20220812 CVE-2022-37400: Apache OpenOffice Static Initialization Vector Allows to Recover Passwords for Web Connections Without Knowing the Master Password",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/08/13/1"
},
{
"name": "[debian-lts-announce] 20230326 [SECURITY] [DLA 3368-1] libreoffice security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00022.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "LibreOffice",
"vendor": "The Document Foundation",
"versions": [
{
"lessThan": "7.2.7",
"status": "affected",
"version": "7.2",
"versionType": "custom"
},
{
"lessThan": "7.3.1",
"status": "affected",
"version": "7.3",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "OpenSource Security GmbH on behalf of the German Federal Office for Information Security"
}
],
"descriptions": [
{
"lang": "en",
"value": "LibreOffice supports the storage of passwords for web connections in the user\u2019s configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw in LibreOffice existed where the required initialization vector for encryption was always the same which weakens the security of the encryption making them vulnerable if an attacker has access to the user\u0027s configuration data. This issue affects: The Document Foundation LibreOffice 7.2 versions prior to 7.2.7; 7.3 versions prior to 7.3.1."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-326",
"description": "CWE-326 Inadequate Encryption Strength",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-26T00:00:00.000Z",
"orgId": "4fe7d05b-1353-44cc-8b7a-1e416936dff2",
"shortName": "Document Fdn."
},
"references": [
{
"url": "https://www.libreoffice.org/about-us/security/advisories/cve-2022-26306"
},
{
"name": "[oss-security] 20220812 CVE-2022-37400: Apache OpenOffice Static Initialization Vector Allows to Recover Passwords for Web Connections Without Knowing the Master Password",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2022/08/13/1"
},
{
"name": "[debian-lts-announce] 20230326 [SECURITY] [DLA 3368-1] libreoffice security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00022.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Execution of Untrusted Macros Due to Improper Certificate Validation",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "4fe7d05b-1353-44cc-8b7a-1e416936dff2",
"assignerShortName": "Document Fdn.",
"cveId": "CVE-2022-26306",
"datePublished": "2022-07-25T00:00:00.000Z",
"dateReserved": "2022-02-28T00:00:00.000Z",
"dateUpdated": "2024-08-03T05:03:31.153Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-25636 (GCVE-0-2021-25636)
Vulnerability from cvelistv5 – Published: 2022-02-22 00:00 – Updated: 2024-08-03 20:11
VLAI
Title
Incorrect trust validation of signature with ambiguous KeyInfo children
Summary
LibreOffice supports digital signatures of ODF documents and macros within documents, presenting visual aids that no alteration of the document occurred since the last signing and that the signature is valid. An Improper Certificate Validation vulnerability in LibreOffice allowed an attacker to create a digitally signed ODF document, by manipulating the documentsignatures.xml or macrosignatures.xml stream within the document to contain both "X509Data" and "KeyValue" children of the "KeyInfo" tag, which when opened caused LibreOffice to verify using the "KeyValue" but to report verification with the unrelated "X509Data" value. This issue affects: The Document Foundation LibreOffice 7.2 versions prior to 7.2.5.
Severity
No CVSS data available.
CWE
- CWE-347 - Improper Verification of Cryptographic Signature
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.libreoffice.org/about-us/security/adv… | |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisory |
| https://lists.debian.org/debian-lts-announce/2023… | mailing-list |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| The Document Foundation | LibreOffice |
Affected:
7.2 , < 7.2.5
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:11:27.083Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.libreoffice.org/about-us/security/advisories/CVE-2021-25636/"
},
{
"name": "FEDORA-2022-3bbe89c20f",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NE6UIBCPZWRBWPSEGJOPNWPPT3CCMVH2/"
},
{
"name": "[debian-lts-announce] 20230326 [SECURITY] [DLA 3368-1] libreoffice security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00022.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "LibreOffice",
"vendor": "The Document Foundation",
"versions": [
{
"lessThan": "7.2.5",
"status": "affected",
"version": "7.2",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Thanks to NDS of Ruhr University Bochum for discovering and reporting this problem."
}
],
"descriptions": [
{
"lang": "en",
"value": "LibreOffice supports digital signatures of ODF documents and macros within documents, presenting visual aids that no alteration of the document occurred since the last signing and that the signature is valid. An Improper Certificate Validation vulnerability in LibreOffice allowed an attacker to create a digitally signed ODF document, by manipulating the documentsignatures.xml or macrosignatures.xml stream within the document to contain both \"X509Data\" and \"KeyValue\" children of the \"KeyInfo\" tag, which when opened caused LibreOffice to verify using the \"KeyValue\" but to report verification with the unrelated \"X509Data\" value. This issue affects: The Document Foundation LibreOffice 7.2 versions prior to 7.2.5."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-347",
"description": "CWE-347 Improper Verification of Cryptographic Signature",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-26T00:00:00.000Z",
"orgId": "4fe7d05b-1353-44cc-8b7a-1e416936dff2",
"shortName": "Document Fdn."
},
"references": [
{
"url": "https://www.libreoffice.org/about-us/security/advisories/CVE-2021-25636/"
},
{
"name": "FEDORA-2022-3bbe89c20f",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NE6UIBCPZWRBWPSEGJOPNWPPT3CCMVH2/"
},
{
"name": "[debian-lts-announce] 20230326 [SECURITY] [DLA 3368-1] libreoffice security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00022.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Incorrect trust validation of signature with ambiguous KeyInfo children",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "4fe7d05b-1353-44cc-8b7a-1e416936dff2",
"assignerShortName": "Document Fdn.",
"cveId": "CVE-2021-25636",
"datePublished": "2022-02-22T00:00:00.000Z",
"dateReserved": "2021-01-19T00:00:00.000Z",
"dateUpdated": "2024-08-03T20:11:27.083Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-25634 (GCVE-0-2021-25634)
Vulnerability from cvelistv5 – Published: 2021-10-12 13:33 – Updated: 2024-09-17 00:46
VLAI
Title
Timestamp Manipulation with Signature Wrapping
Summary
LibreOffice supports digital signatures of ODF documents and macros within documents, presenting visual aids that no alteration of the document occurred since the last signing and that the signature is valid. An Improper Certificate Validation vulnerability in LibreOffice allowed an attacker to modify a digitally signed ODF document to insert an additional signing time timestamp which LibreOffice would incorrectly present as a valid signature signed at the bogus signing time. This issue affects: The Document Foundation LibreOffice 7-0 versions prior to 7.0.6; 7-1 versions prior to 7.1.2.
Severity
No CVSS data available.
CWE
- CWE-295 - Improper Certificate Validation
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.libreoffice.org/about-us/security/adv… | x_refsource_MISC |
| https://www.debian.org/security/2021/dsa-4988 | vendor-advisoryx_refsource_DEBIAN |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| The Document Foundation | LibreOffice |
Affected:
7-0 , < 7.0.6
(custom)
Affected: 7-1 , < 7.1.2 (custom) |
Date Public
2021-10-11 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:11:27.577Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.libreoffice.org/about-us/security/advisories/CVE-2021-25634"
},
{
"name": "DSA-4988",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2021/dsa-4988"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "LibreOffice",
"vendor": "The Document Foundation",
"versions": [
{
"lessThan": "7.0.6",
"status": "affected",
"version": "7-0",
"versionType": "custom"
},
{
"lessThan": "7.1.2",
"status": "affected",
"version": "7-1",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "NDS of Ruhr University Bochum"
}
],
"datePublic": "2021-10-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "LibreOffice supports digital signatures of ODF documents and macros within documents, presenting visual aids that no alteration of the document occurred since the last signing and that the signature is valid. An Improper Certificate Validation vulnerability in LibreOffice allowed an attacker to modify a digitally signed ODF document to insert an additional signing time timestamp which LibreOffice would incorrectly present as a valid signature signed at the bogus signing time. This issue affects: The Document Foundation LibreOffice 7-0 versions prior to 7.0.6; 7-1 versions prior to 7.1.2."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295 Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-17T10:06:24.000Z",
"orgId": "4fe7d05b-1353-44cc-8b7a-1e416936dff2",
"shortName": "Document Fdn."
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.libreoffice.org/about-us/security/advisories/CVE-2021-25634"
},
{
"name": "DSA-4988",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2021/dsa-4988"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to 7.0.6 or 7.1.2 or 7.2.0"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Timestamp Manipulation with Signature Wrapping",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@documentfoundation.org",
"DATE_PUBLIC": "2021-10-11T00:00:00.000Z",
"ID": "CVE-2021-25634",
"STATE": "PUBLIC",
"TITLE": "Timestamp Manipulation with Signature Wrapping"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "LibreOffice",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "7-0",
"version_value": "7.0.6"
},
{
"version_affected": "\u003c",
"version_name": "7-1",
"version_value": "7.1.2"
}
]
}
}
]
},
"vendor_name": "The Document Foundation"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "NDS of Ruhr University Bochum"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "LibreOffice supports digital signatures of ODF documents and macros within documents, presenting visual aids that no alteration of the document occurred since the last signing and that the signature is valid. An Improper Certificate Validation vulnerability in LibreOffice allowed an attacker to modify a digitally signed ODF document to insert an additional signing time timestamp which LibreOffice would incorrectly present as a valid signature signed at the bogus signing time. This issue affects: The Document Foundation LibreOffice 7-0 versions prior to 7.0.6; 7-1 versions prior to 7.1.2."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-295 Improper Certificate Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.libreoffice.org/about-us/security/advisories/CVE-2021-25634",
"refsource": "MISC",
"url": "https://www.libreoffice.org/about-us/security/advisories/CVE-2021-25634"
},
{
"name": "DSA-4988",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2021/dsa-4988"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to 7.0.6 or 7.1.2 or 7.2.0"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "4fe7d05b-1353-44cc-8b7a-1e416936dff2",
"assignerShortName": "Document Fdn.",
"cveId": "CVE-2021-25634",
"datePublished": "2021-10-12T13:33:54.266Z",
"dateReserved": "2021-01-19T00:00:00.000Z",
"dateUpdated": "2024-09-17T00:46:33.587Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}