This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Libreoffice First view 2014-08-26
Product Libreoffice Last view 2022-10-11
Version 4.3.0.3 Type Application
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:libreoffice:libreoffice

Activity : Overall

Related : CVE

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
  Date Alert Description
6.3 2022-10-11 CVE-2022-3140

LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. An additional scheme 'vnd.libreoffice.command' specific to LibreOffice was added. In the affected versions of LibreOffice links using that scheme could be constructed to call internal macros with arbitrary arguments. Which when clicked on, or activated by document events, could result in arbitrary script execution without warning. This issue affects: The Document Foundation LibreOffice 7.4 versions prior to 7.4.1; 7.3 versions prior to 7.3.6.

8.8 2022-07-25 CVE-2022-26307

LibreOffice supports the storage of passwords for web connections in the user’s configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw in LibreOffice existed where master key was poorly encoded resulting in weakening its entropy from 128 to 43 bits making the stored passwords vulerable to a brute force attack if an attacker has access to the users stored config. This issue affects: The Document Foundation LibreOffice 7.2 versions prior to 7.2.7; 7.3 versions prior to 7.3.3.

7.5 2022-07-25 CVE-2022-26306

LibreOffice supports the storage of passwords for web connections in the user’s configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw in LibreOffice existed where the required initialization vector for encryption was always the same which weakens the security of the encryption making them vulnerable if an attacker has access to the user's configuration data. This issue affects: The Document Foundation LibreOffice 7.2 versions prior to 7.2.7; 7.3 versions prior to 7.3.1.

7.5 2022-07-25 CVE-2022-26305

An Improper Certificate Validation vulnerability in LibreOffice existed where determining if a macro was signed by a trusted author was done by only matching the serial number and issuer string of the used certificate with that of a trusted certificate. This is not sufficient to verify that the macro was actually signed with the certificate. An adversary could therefore create an arbitrary certificate with a serial number and an issuer string identical to a trusted certificate which LibreOffice would present as belonging to the trusted author, potentially leading to the user to execute arbitrary code contained in macros improperly trusted. This issue affects: The Document Foundation LibreOffice 7.2 versions prior to 7.2.7; 7.3 versions prior to 7.3.1.

7.5 2022-02-24 CVE-2021-25636

LibreOffice supports digital signatures of ODF documents and macros within documents, presenting visual aids that no alteration of the document occurred since the last signing and that the signature is valid. An Improper Certificate Validation vulnerability in LibreOffice allowed an attacker to create a digitally signed ODF document, by manipulating the documentsignatures.xml or macrosignatures.xml stream within the document to contain both "X509Data" and "KeyValue" children of the "KeyInfo" tag, which when opened caused LibreOffice to verify using the "KeyValue" but to report verification with the unrelated "X509Data" value. This issue affects: The Document Foundation LibreOffice 7.2 versions prior to 7.2.5.

7.5 2021-10-12 CVE-2021-25634

LibreOffice supports digital signatures of ODF documents and macros within documents, presenting visual aids that no alteration of the document occurred since the last signing and that the signature is valid. An Improper Certificate Validation vulnerability in LibreOffice allowed an attacker to modify a digitally signed ODF document to insert an additional signing time timestamp which LibreOffice would incorrectly present as a valid signature signed at the bogus signing time. This issue affects: The Document Foundation LibreOffice 7-0 versions prior to 7.0.6; 7-1 versions prior to 7.1.2.

7.5 2021-10-11 CVE-2021-25633

LibreOffice supports digital signatures of ODF documents and macros within documents, presenting visual aids that no alteration of the document occurred since the last signing and that the signature is valid. An Improper Certificate Validation vulnerability in LibreOffice allowed an attacker to create a digitally signed ODF document, by manipulating the documentsignatures.xml or macrosignatures.xml stream within the document to combine multiple certificate data, which when opened caused LibreOffice to display a validly signed indicator but whose content was unrelated to the signature shown. This issue affects: The Document Foundation LibreOffice 7-0 versions prior to 7.0.6; 7-1 versions prior to 7.1.2.

8.8 2021-05-03 CVE-2021-25631

In the LibreOffice 7-1 series in versions prior to 7.1.2, and in the 7-0 series in versions prior to 7.0.5, the denylist can be circumvented by manipulating the link so it doesn't match the denylist but results in ShellExecute attempting to launch an executable type.

6.5 2020-06-08 CVE-2020-12803

ODF documents can contain forms to be filled out by the user. Similar to HTML forms, the contained form data can be submitted to a URI, for example, to an external web server. To create submittable forms, ODF implements the XForms W3C standard, which allows data to be submitted without the need for macros or other active scripting Prior to version 6.4.4 LibreOffice allowed forms to be submitted to any URI, including file: URIs, enabling form submissions to overwrite local files. User-interaction is required to submit the form, but to avoid the possibility of malicious documents engineered to maximize the possibility of inadvertent user submission this feature has now been limited to http[s] URIs, removing the possibility to overwrite local files. This issue affects: The Document Foundation LibreOffice versions prior to 6.4.4.

5.3 2020-06-08 CVE-2020-12802

LibreOffice has a 'stealth mode' in which only documents from locations deemed 'trusted' are allowed to retrieve remote resources. This mode is not the default mode, but can be enabled by users who want to disable LibreOffice's ability to include remote resources within a document. A flaw existed where remote graphic links loaded from docx documents were omitted from this protection prior to version 6.4.4. This issue affects: The Document Foundation LibreOffice versions prior to 6.4.4.

5.3 2020-05-18 CVE-2020-12801

If LibreOffice has an encrypted document open and crashes, that document is auto-saved encrypted. On restart, LibreOffice offers to restore the document and prompts for the password to decrypt it. If the recovery is successful, and if the file format of the recovered document was not LibreOffice's default ODF file format, then affected versions of LibreOffice default that subsequent saves of the document are unencrypted. This may lead to a user accidentally saving a MSOffice file format document unencrypted while believing it to be encrypted. This issue affects: LibreOffice 6-3 series versions prior to 6.3.6; 6-4 series versions prior to 6.4.3.

7.8 2019-09-27 CVE-2019-9853

LibreOffice documents can contain macros. The execution of those macros is controlled by the document security settings, typically execution of macros are blocked by default. A URL decoding flaw existed in how the urls to the macros within the document were processed and categorized, resulting in the possibility to construct a document where macro execution bypassed the security settings. The documents were correctly detected as containing macros, and prompted the user to their existence within the documents, but macros within the document were subsequently not controlled by the security settings allowing arbitrary macro execution This issue affects: LibreOffice 6.2 series versions prior to 6.2.7; LibreOffice 6.3 series versions prior to 6.3.1.

9.8 2019-09-06 CVE-2019-9855

LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from. LibreOffice also has a feature where documents can specify that pre-installed scripts can be executed on various document script events such as mouse-over, etc. Protection was added to block calling LibreLogo from script event handers. However a Windows 8.3 path equivalence handling flaw left LibreOffice vulnerable under Windows that a document could trigger executing LibreLogo via a Windows filename pseudonym. This issue affects: Document Foundation LibreOffice 6.2 versions prior to 6.2.7; 6.3 versions prior to 6.3.1.

7.8 2019-09-06 CVE-2019-9854

LibreOffice has a feature where documents can specify that pre-installed macros can be executed on various script events such as mouse-over, document-open etc. Access is intended to be restricted to scripts under the share/Scripts/python, user/Scripts/python sub-directories of the LibreOffice install. Protection was added, to address CVE-2019-9852, to avoid a directory traversal attack where scripts in arbitrary locations on the file system could be executed by employing a URL encoding attack to defeat the path verification step. However this protection could be bypassed by taking advantage of a flaw in how LibreOffice assembled the final script URL location directly from components of the passed in path as opposed to solely from the sanitized output of the path verification step. This issue affects: Document Foundation LibreOffice 6.2 versions prior to 6.2.7; 6.3 versions prior to 6.3.1.

7.8 2019-08-15 CVE-2019-9852

LibreOffice has a feature where documents can specify that pre-installed macros can be executed on various script events such as mouse-over, document-open etc. Access is intended to be restricted to scripts under the share/Scripts/python, user/Scripts/python sub-directories of the LibreOffice install. Protection was added, to address CVE-2018-16858, to avoid a directory traversal attack where scripts in arbitrary locations on the file system could be executed. However this new protection could be bypassed by a URL encoding attack. In the fixed versions, the parsed url describing the script location is correctly encoded before further processing. This issue affects: Document Foundation LibreOffice versions prior to 6.2.6.

9.8 2019-08-15 CVE-2019-9851

LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from. Protection was added, to address CVE-2019-9848, to block calling LibreLogo from document event script handers, e.g. mouse over. However LibreOffice also has a separate feature where documents can specify that pre-installed scripts can be executed on various global script events such as document-open, etc. In the fixed versions, global script event handlers are validated equivalently to document script event handlers. This issue affects: Document Foundation LibreOffice versions prior to 6.2.6.

9.8 2019-08-15 CVE-2019-9850

LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from. LibreOffice also has a feature where documents can specify that pre-installed scripts can be executed on various document script events such as mouse-over, etc. Protection was added, to address CVE-2019-9848, to block calling LibreLogo from script event handers. However an insufficient url validation vulnerability in LibreOffice allowed malicious to bypass that protection and again trigger calling LibreLogo from script event handlers. This issue affects: Document Foundation LibreOffice versions prior to 6.2.6.

4.3 2019-07-17 CVE-2019-9849

LibreOffice has a 'stealth mode' in which only documents from locations deemed 'trusted' are allowed to retrieve remote resources. This mode is not the default mode, but can be enabled by users who want to disable LibreOffice's ability to include remote resources within a document. A flaw existed where bullet graphics were omitted from this protection prior to version 6.2.5. This issue affects: Document Foundation LibreOffice versions prior to 6.2.5.

9.8 2019-07-17 CVE-2019-9848

LibreOffice has a feature where documents can specify that pre-installed scripts can be executed on various document events such as mouse-over, etc. LibreOffice is typically also bundled with LibreLogo, a programmable turtle vector graphics script, which can be manipulated into executing arbitrary python commands. By using the document event feature to trigger LibreLogo to execute python contained within a document a malicious document could be constructed which would execute arbitrary python commands silently without warning. In the fixed versions, LibreLogo cannot be called from a document event handler. This issue affects: Document Foundation LibreOffice versions prior to 6.2.5.

7.8 2019-05-09 CVE-2019-9847

A vulnerability in LibreOffice hyperlink processing allows an attacker to construct documents containing hyperlinks pointing to the location of an executable on the target users file system. If the hyperlink is activated by the victim the executable target is unconditionally launched. Under Windows and macOS when processing a hyperlink target explicitly activated by the user there was no judgment made on whether the target was an executable file, so such executable targets were launched unconditionally. This issue affects: All LibreOffice Windows and macOS versions prior to 6.1.6; LibreOffice Windows and macOS versions in the 6.2 series prior to 6.2.3.

9.8 2019-03-25 CVE-2018-16858

It was found that libreoffice before versions 6.0.7 and 6.1.3 was vulnerable to a directory traversal attack which could be used to execute arbitrary macros bundled with a document. An attacker could craft a document, which when opened by LibreOffice, would execute a Python method from a script in any arbitrary file system location, specified relative to the LibreOffice install location.

9.8 2018-08-05 CVE-2018-14939

The get_app_path function in desktop/unx/source/start.c in LibreOffice through 6.0.5 mishandles the realpath function in certain environments such as FreeBSD libc, which might allow attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact if LibreOffice is automatically launched during web browsing with pathnames controlled by a remote web site.

7.8 2018-04-16 CVE-2018-10120

The SwCTBWrapper::Read function in sw/source/filter/ww8/ww8toolbar.cxx in LibreOffice before 5.4.6.1 and 6.x before 6.0.2.1 does not validate a customizations index, which allows remote attackers to cause a denial of service (heap-based buffer overflow with write access) or possibly have unspecified other impact via a crafted document that contains a certain Microsoft Word record.

7.8 2018-04-16 CVE-2018-10119

sot/source/sdstor/stgstrms.cxx in LibreOffice before 5.4.5.1 and 6.x before 6.0.1.1 uses an incorrect integer data type in the StgSmallStrm class, which allows remote attackers to cause a denial of service (use-after-free with write access) or possibly have unspecified other impact via a crafted document that uses the structured storage ole2 wrapper file format.

9.8 2018-02-09 CVE-2018-6871

LibreOffice before 5.4.5 and 6.x before 6.0.1 allows remote attackers to read arbitrary files via =WEBSERVICE calls in a document, which use the COM.MICROSOFT.WEBSERVICE function.

CWE : Common Weakness Enumeration

%idName
17% (7) CWE-787 Out-of-bounds Write
15% (6) CWE-20 Improper Input Validation
12% (5) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
10% (4) CWE-295 Certificate Issues
7% (3) CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path ...
5% (2) CWE-312 Cleartext Storage of Sensitive Information
5% (2) CWE-200 Information Exposure
2% (1) CWE-417 Channel and Path Errors
2% (1) CWE-416 Use After Free
2% (1) CWE-326 Inadequate Encryption Strength
2% (1) CWE-191 Integer Underflow (Wrap or Wraparound)
2% (1) CWE-189 Numeric Errors
2% (1) CWE-129 Improper Validation of Array Index
2% (1) CWE-125 Out-of-bounds Read
2% (1) CWE-116 Improper Encoding or Escaping of Output
2% (1) CWE-94 Failure to Control Generation of Code ('Code Injection')
2% (1) CWE-88 Argument Injection or Modification
2% (1) CWE-77 Improper Sanitization of Special Elements used in a Command ('Comma...

Information Assurance Vulnerability Management (IAVM)

id Description
2014-B-0117 Multiple Vulnerabilities in Apache OpenOffice
Severity: Category II - VMSKEY: V0054059

Snort® IPS/IDS

Date Description
2019-11-26 LibreOffice office document arbitrary script execution attempt
RuleID : 52000 - Type : FILE-OTHER - Revision : 1
2019-11-26 LibreOffice office document arbitrary script execution attempt
RuleID : 51999 - Type : FILE-OTHER - Revision : 1
2019-09-19 LibreOffice macro remote code execution attempt
RuleID : 51101 - Type : FILE-OTHER - Revision : 1
2019-09-19 LibreOffice macro remote code execution attempt
RuleID : 51100 - Type : FILE-OTHER - Revision : 1
2019-09-19 LibreOffice macro remote code execution attempt
RuleID : 51099 - Type : FILE-OTHER - Revision : 1
2019-09-19 LibreOffice macro remote code execution attempt
RuleID : 51098 - Type : FILE-OTHER - Revision : 1
2018-09-18 LibreOffice WEBSERVICE arbitrary file disclosure attempt
RuleID : 47566 - Type : FILE-OFFICE - Revision : 1
2018-09-18 LibreOffice WEBSERVICE arbitrary file disclosure attempt
RuleID : 47565 - Type : FILE-OFFICE - Revision : 1
2016-06-07 Document Foundation LibreOffice RTF stylesheet use after free attempt
RuleID : 39149 - Type : FILE-OFFICE - Revision : 4
2016-06-07 Document Foundation LibreOffice RTF stylesheet use after free attempt
RuleID : 39148 - Type : FILE-OFFICE - Revision : 4

Nessus® Vulnerability Scanner

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2018-04-30 Name: The remote Fedora host is missing a security update.
File: fedora_2018-e87eb1ae68.nasl - Type: ACT_GATHER_INFO
2018-04-23 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4178.nasl - Type: ACT_GATHER_INFO
2018-04-20 Name: The remote Debian host is missing a security update.
File: debian_DLA-1356.nasl - Type: ACT_GATHER_INFO
2018-03-15 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2018-0517.nasl - Type: ACT_GATHER_INFO
2018-03-12 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2018-0418.nasl - Type: ACT_GATHER_INFO
2018-02-26 Name: The remote FreeBSD host is missing one or more security-related updates.
File: freebsd_pkg_289269f10def11e899b0d017c2987f9a.nasl - Type: ACT_GATHER_INFO
2018-02-20 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201802-06.nasl - Type: ACT_GATHER_INFO
2018-02-15 Name: The remote Fedora host is missing a security update.
File: fedora_2018-3eb4d8e4c4.nasl - Type: ACT_GATHER_INFO
2018-02-12 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4111.nasl - Type: ACT_GATHER_INFO
2018-01-15 Name: The remote Fedora host is missing a security update.
File: fedora_2017-5128c8cfe2.nasl - Type: ACT_GATHER_INFO
2017-11-07 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2017-1247.nasl - Type: ACT_GATHER_INFO
2017-11-07 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2017-2931-1.nasl - Type: ACT_GATHER_INFO
2017-11-02 Name: The remote EulerOS host is missing a security update.
File: EulerOS_SA-2017-1275.nasl - Type: ACT_GATHER_INFO
2017-11-02 Name: The remote EulerOS host is missing a security update.
File: EulerOS_SA-2017-1274.nasl - Type: ACT_GATHER_INFO
2017-09-20 Name: The remote Fedora host is missing a security update.
File: fedora_2017-63ff51c0dc.nasl - Type: ACT_GATHER_INFO
2017-09-18 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2017-1048.nasl - Type: ACT_GATHER_INFO
2017-09-01 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2017-2315-1.nasl - Type: ACT_GATHER_INFO
2017-08-25 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2017-1975.nasl - Type: ACT_GATHER_INFO
2017-08-22 Name: The remote Scientific Linux host is missing one or more security updates.
File: sl_20170801_libreoffice_on_SL7_x.nasl - Type: ACT_GATHER_INFO
2017-08-09 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2017-1975.nasl - Type: ACT_GATHER_INFO
2017-08-02 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2017-1975.nasl - Type: ACT_GATHER_INFO
2017-07-13 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2017-807.nasl - Type: ACT_GATHER_INFO
2017-07-10 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2017-1821-1.nasl - Type: ACT_GATHER_INFO
2017-06-28 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201706-28.nasl - Type: ACT_GATHER_INFO
2017-05-16 Name: The remote Fedora host is missing a security update.
File: fedora_2017-7a7d2044c9.nasl - Type: ACT_GATHER_INFO