Libreoffice Libreoffice
27 CVEs affecting Libreoffice Libreoffice. Latest disclosed: 2026-05-07. Critical: 5, High: 5.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2017-8358 | Critical | 9.8 | 2017-04-30 | LibreOffice before 2017-03-17 has an out-of-bounds write caused by a heap-based buffer overflow related to the ReadJPEG function in vcl/source/filter/jpeg/jpeg… |
CVE-2017-7882 | Critical | 9.8 | 2017-04-15 | LibreOffice before 2017-03-14 has an out-of-bounds write related to the HWPFile::TagsRead function in hwpfilter/source/hwpfile.cxx. |
CVE-2017-7870 | Critical | 9.8 | 2017-04-14 | LibreOffice before 2017-01-02 has an out-of-bounds write caused by a heap-based buffer overflow related to the tools::Polygon::Insert function in tools/source/… |
CVE-2017-7856 | Critical | 9.8 | 2017-04-14 | LibreOffice before 2017-03-11 has an out-of-bounds write caused by a heap-based buffer overflow in the SVMConverter::ImplConvertFromSVM1 function in vcl/source… |
CVE-2016-10327 | Critical | 9.8 | 2017-04-14 | LibreOffice before 2016-12-22 has an out-of-bounds write caused by a heap-based buffer overflow related to the EnhWMFReader::ReadEnhWMF function in vcl/source/… |
CVE-2026-4430 | High | 7.8 | 2026-05-07 | Out-of-bounds write vulnerability in The Document Foundation LibreOffice via crafted OOXML documents with mismatched encryption salt parameters. This issue af… |
CVE-2016-4324 | High | 7.8 | 2016-07-08 | Use-after-free vulnerability in LibreOffice before 5.1.4 allows remote attackers to execute arbitrary code via a crafted RTF file, related to stylesheet and su… |
CVE-2016-0795 | High | 7.8 | 2016-02-18 | LibreOffice before 5.0.5 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted LwpTo… |
CVE-2016-0794 | High | 7.8 | 2016-02-18 | The lwp filter in LibreOffice before 5.0.4 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact v… |
CVE-2017-14226 | High | 7.5 | 2017-09-09 | WP1StylesListener.cpp, WP5StylesListener.cpp, and WP42StylesListener.cpp in libwpd 0.10.1 mishandle iterators, which allows remote attackers to cause a denial… |
CVE-2012-0037 | Medium | 6.5 | 2012-06-17 | Redland Raptor (aka libraptor) before 2.0.7, as used by OpenOffice 3.3 and 3.4 Beta, LibreOffice before 3.4.6 and 3.5.x before 3.5.1, and other products, allow… |
CVE-2015-5214 | | 2015-11-10 | LibreOffice before 4.4.6 and 5.x before 5.0.1 and Apache OpenOffice before 4.1.2 allows remote attackers to cause a denial of service (memory corruption and ap… | |
CVE-2015-5213 | | 2015-11-10 | Integer overflow in LibreOffice before 4.4.5 and Apache OpenOffice before 4.1.2 allows remote attackers to cause a denial of service (memory corruption and app… | |
CVE-2015-5212 | | 2015-11-10 | Integer underflow in LibreOffice before 4.4.5 and Apache OpenOffice before 4.1.2, when the configuration setting "Load printer settings with the document" is e… | |
CVE-2015-4551 | | 2015-11-10 | LibreOffice before 4.4.5 and Apache OpenOffice before 4.1.2 uses the stored LinkUpdateMode configuration information in OpenDocument Format files and templates… | |
CVE-2015-1774 | | 2015-04-28 | The HWP filter in LibreOffice before 4.3.7 and 4.4.x before 4.4.2 and Apache OpenOffice before 4.1.2 allows remote attackers to cause a denial of service (cras… | |
CVE-2014-9093 | | 2014-11-26 | LibreOffice before 4.3.5 allows remote attackers to cause a denial of service (invalid write operation and crash) and possibly execute arbitrary code via a cra… | |
CVE-2014-3693 | | 2014-11-07 | Use-after-free vulnerability in the socket manager of Impress Remote in LibreOffice 4.x before 4.2.7 and 4.3.x before 4.3.3 allows remote attackers to cause a… | |
CVE-2014-3575 | | 2014-08-27 | The OLE preview generation in Apache OpenOffice before 4.1.1 and OpenOffice.org (OOo) might allow remote attackers to embed arbitrary data into documents via c… | |
CVE-2014-3524 | | 2014-08-26 | Apache OpenOffice before 4.1.1 allows remote attackers to execute arbitrary commands and possibly have other unspecified impact via a crafted Calc spreadsheet. |