The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of LibreOffice

vulnerability alert CVE-2018-14939

LibreOffice: buffer overflow via FreeBSD realpath

Synthesis of the vulnerability

An attacker can trigger a buffer overflow in LibreOffice via FreeBSD realpath(), in order to cause a denial of service, and possibly to run code.
Impacted products: LibreOffice.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 06/08/2018.
Identifiers: 118514, CVE-2018-14939, VIGILANCE-VUL-26911.

vulnerability bulletin CVE-2018-10583

LibreOffice/OpenOffice: information disclosure via SMB Credentials

Synthesis of the vulnerability

An attacker can bypass data access restrictions in LibreOffice/OpenOffice via SMB credentials, in order to obtain sensitive information.
Impacted products: OpenOffice, LibreOffice, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: data reading.
Provenance: intranet server.
Creation date: 02/05/2018.
Identifiers: CVE-2018-10583, openSUSE-SU-2018:2532-1, openSUSE-SU-2018:2533-1, openSUSE-SU-2018:3796-1, RHSA-2018:3054-01, SUSE-SU-2018:2485-1, SUSE-SU-2018:2485-2, SUSE-SU-2018:2535-1, SUSE-SU-2018:3683-1, USN-3883-1, VIGILANCE-VUL-26023.

vulnerability alert CVE-2018-10120

LibreOffice: buffer overflow via SwCTBWrapper-Read

Synthesis of the vulnerability

An attacker can trigger a buffer overflow in LibreOffice via SwCTBWrapper::Read(), in order to cause a denial of service, and possibly to run code.
Impacted products: Debian, LibreOffice, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: user access/rights, denial of service on client.
Provenance: document.
Creation date: 16/04/2018.
Identifiers: CVE-2018-10120, DLA-1356-1, DSA-4178-1, openSUSE-SU-2018:1311-1, RHSA-2018:3054-01, SUSE-SU-2018:1296-1, USN-3883-1, VIGILANCE-VUL-25881.

vulnerability CVE-2018-10119

LibreOffice: use after free via StgSmallStrm

Synthesis of the vulnerability

An attacker can force the use of a freed memory area in LibreOffice via StgSmallStrm, in order to cause a denial of service, and possibly to run code.
Impacted products: Debian, LibreOffice, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: user access/rights, denial of service on client.
Provenance: document.
Creation date: 16/04/2018.
Identifiers: CVE-2018-10119, DLA-1356-1, DSA-4178-1, openSUSE-SU-2018:1311-1, RHSA-2018:3054-01, SUSE-SU-2018:1296-1, USN-3883-1, VIGILANCE-VUL-25880.

computer vulnerability CVE-2018-6871

LibreOffice: directory traversal

Synthesis of the vulnerability

An attacker can traverse directories in LibreOffice, in order to read a file outside the service root path.
Impacted products: Debian, Fedora, LibreOffice, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: data reading.
Provenance: document.
Number of vulnerabilities in this bulletin: 2.
Creation date: 12/02/2018.
Identifiers: CVE-2018-1055-REJECT, CVE-2018-6871, DSA-4111-1, DSA-4111-2, FEDORA-2018-0a3b07a003, FEDORA-2018-3eb4d8e4c4, openSUSE-SU-2018:0446-1, RHSA-2018:0418-01, RHSA-2018:0517-01, SUSE-SU-2018:0428-1, USN-3579-1, USN-3579-2, USN-3579-3, VIGILANCE-VUL-25275.

computer vulnerability alert CVE-2017-14226

libwpd: out-of-bounds memory reading via WPXTableList

Synthesis of the vulnerability

An attacker can force a read at an invalid address in libwpd via WPXTableList, in order to cause a denial of service, or to obtain sensitive information.
Impacted products: Fedora, LibreOffice, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Consequences: data reading, denial of service on client.
Provenance: document.
Creation date: 11/09/2017.
Identifiers: 112269, CVE-2017-14226, FEDORA-2017-63ff51c0dc, FEDORA-2017-6e66393536, openSUSE-SU-2017:2943-1, SUSE-SU-2017:2931-1, VIGILANCE-VUL-23796.

vulnerability note CVE-2017-8358

LibreOffice: memory corruption via ReadJPEG

Synthesis of the vulnerability

An attacker can trigger memory corruption in LibreOffice via ReadJPEG(), in order to cause a denial of service, and possibly to run code.
Impacted products: LibreOffice, openSUSE Leap.
Severity: 2/4.
Consequences: user access/rights, denial of service on client.
Provenance: document.
Creation date: 02/05/2017.
Identifiers: CVE-2017-8358, openSUSE-SU-2017:1851-1, openSUSE-SU-2017:2488-1, VIGILANCE-VUL-22614.

vulnerability note CVE-2017-7882

LibreOffice: buffer overflow via HWPFile-TagsRead

Synthesis of the vulnerability

An attacker can trigger a buffer overflow in LibreOffice via HWPFile::TagsRead(), in order to cause a denial of service, and possibly to run code.
Impacted products: Fedora, LibreOffice, openSUSE Leap.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 18/04/2017.
Identifiers: CVE-2017-7882, FEDORA-2017-7a7d2044c9, openSUSE-SU-2017:1851-1, openSUSE-SU-2017:2488-1, VIGILANCE-VUL-22484.

vulnerability bulletin CVE-2017-7870

LibreOffice: buffer overflow via tools-Polygon-Insert

Synthesis of the vulnerability

An attacker can trigger a buffer overflow in LibreOffice via tools::Polygon::Insert(), in order to cause a denial of service, and possibly to run code.
Impacted products: Debian, Fedora, LibreOffice, openSUSE Leap, RHEL, Ubuntu.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 18/04/2017.
Identifiers: CVE-2017-7870, DLA-910-1, DSA-3837-1, FEDORA-2017-7a7d2044c9, openSUSE-SU-2017:1851-1, openSUSE-SU-2017:2488-1, RHSA-2017:1975-01, USN-3273-1, VIGILANCE-VUL-22483.

vulnerability announce CVE-2017-7856

LibreOffice: buffer overflow via SVMConverter-ImplConvertFromSVM1

Synthesis of the vulnerability

An attacker can trigger a buffer overflow in LibreOffice via SVMConverter::ImplConvertFromSVM1(), in order to cause a denial of service, and possibly to run code.
Impacted products: Fedora, LibreOffice.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 18/04/2017.
Identifiers: CVE-2017-7856, FEDORA-2017-7a7d2044c9, VIGILANCE-VUL-22482.
