| The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them. |
|
 |
|
|
Computer vulnerabilities of LibreOffice
LibreOffice: code execution via an hypertext link
Synthesis of the vulnerability
An attacker can use a vulnerability in the handling of hypertext links in LibreOffice, in order to run an external program.
Impacted products: LibreOffice.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights.
Provenance: document.
Creation date: 09/05/2019.
Identifiers: CVE-2019-9847, VIGILANCE-VUL-29258.
Description of the vulnerability
An attacker can use a vulnerability in the handling of hypertext links in LibreOffice, in order to run an external program.
Full Vigil@nce bulletin... (Free trial) |
LibreOffice: buffer overflow via FreeBSD realpath
Synthesis of the vulnerability
An attacker can generate a buffer overflow via FreeBSD realpath() of LibreOffice, in order to trigger a denial of service, and possibly to run code.
Impacted products: LibreOffice.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 06/08/2018.
Identifiers: 118514, CVE-2018-14939, VIGILANCE-VUL-26911.
Description of the vulnerability
An attacker can generate a buffer overflow via FreeBSD realpath() of LibreOffice, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial) |
LibreOffice/OpenOffice: information disclosure via SMB Credentials
Synthesis of the vulnerability
An attacker can bypass access restrictions to data via SMB Credential of LibreOffice/OpenOffice, in order to obtain sensitive information.
Impacted products: OpenOffice, LibreOffice, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: data reading.
Provenance: intranet server.
Creation date: 02/05/2018.
Identifiers: CVE-2018-10583, openSUSE-SU-2018:2532-1, openSUSE-SU-2018:2533-1, openSUSE-SU-2018:3796-1, RHSA-2018:3054-01, SUSE-SU-2018:2485-1, SUSE-SU-2018:2485-2, SUSE-SU-2018:2535-1, SUSE-SU-2018:3683-1, USN-3883-1, VIGILANCE-VUL-26023.
Description of the vulnerability
An attacker can bypass access restrictions to data via SMB Credential of LibreOffice/OpenOffice, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial) |
LibreOffice: buffer overflow via SwCTBWrapper-Read
Synthesis of the vulnerability
An attacker can generate a buffer overflow via SwCTBWrapper::Read() of LibreOffice, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, LibreOffice, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: user access/rights, denial of service on client.
Provenance: document.
Creation date: 16/04/2018.
Identifiers: CVE-2018-10120, DLA-1356-1, DSA-4178-1, openSUSE-SU-2018:1311-1, RHSA-2018:3054-01, SUSE-SU-2018:1296-1, USN-3883-1, VIGILANCE-VUL-25881.
Description of the vulnerability
An attacker can generate a buffer overflow via SwCTBWrapper::Read() of LibreOffice, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial) |
LibreOffice: use after free via StgSmallStrm
Synthesis of the vulnerability
An attacker can force the usage of a freed memory area via StgSmallStrm of LibreOffice, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, LibreOffice, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: user access/rights, denial of service on client.
Provenance: document.
Creation date: 16/04/2018.
Identifiers: CVE-2018-10119, DLA-1356-1, DSA-4178-1, openSUSE-SU-2018:1311-1, RHSA-2018:3054-01, SUSE-SU-2018:1296-1, USN-3883-1, VIGILANCE-VUL-25880.
Description of the vulnerability
An attacker can force the usage of a freed memory area via StgSmallStrm of LibreOffice, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial) |
LibreOffice: directory traversal
Synthesis of the vulnerability
An attacker can traverse directories of LibreOffice, in order to read a file outside the service root path.
Impacted products: Debian, Fedora, LibreOffice, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: data reading.
Provenance: document.
Number of vulnerabilities in this bulletin: 2.
Creation date: 12/02/2018.
Identifiers: CVE-2018-1055-REJECT, CVE-2018-6871, DSA-4111-1, DSA-4111-2, FEDORA-2018-0a3b07a003, FEDORA-2018-3eb4d8e4c4, openSUSE-SU-2018:0446-1, RHSA-2018:0418-01, RHSA-2018:0517-01, SUSE-SU-2018:0428-1, USN-3579-1, USN-3579-2, USN-3579-3, VIGILANCE-VUL-25275.
Description of the vulnerability
An attacker can traverse directories of LibreOffice, in order to read a file outside the service root path.
Full Vigil@nce bulletin... (Free trial) |
libwpd: out-of-bounds memory reading via WPXTableList
Synthesis of the vulnerability
An attacker can force a read at an invalid address via WPXTableList of libwpd, in order to trigger a denial of service, or to obtain sensitive information.
Impacted products: Fedora, LibreOffice, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Consequences: data reading, denial of service on client.
Provenance: document.
Creation date: 11/09/2017.
Identifiers: 112269, CVE-2017-14226, FEDORA-2017-63ff51c0dc, FEDORA-2017-6e66393536, openSUSE-SU-2017:2943-1, SUSE-SU-2017:2931-1, VIGILANCE-VUL-23796.
Description of the vulnerability
An attacker can force a read at an invalid address via WPXTableList of libwpd, in order to trigger a denial of service, or to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial) |
LibreOffice: memory corruption via ReadJPEG
Synthesis of the vulnerability
An attacker can generate a memory corruption via ReadJPEG() of LibreOffice, in order to trigger a denial of service, and possibly to run code.
Impacted products: LibreOffice, openSUSE Leap.
Severity: 2/4.
Consequences: user access/rights, denial of service on client.
Provenance: document.
Creation date: 02/05/2017.
Identifiers: CVE-2017-8358, openSUSE-SU-2017:1851-1, openSUSE-SU-2017:2488-1, VIGILANCE-VUL-22614.
Description of the vulnerability
An attacker can generate a memory corruption via ReadJPEG() of LibreOffice, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial) |
LibreOffice: buffer overflow via HWPFile-TagsRead
Synthesis of the vulnerability
An attacker can generate a buffer overflow via HWPFile::TagsRead() of LibreOffice, in order to trigger a denial of service, and possibly to run code.
Impacted products: Fedora, LibreOffice, openSUSE Leap.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 18/04/2017.
Identifiers: CVE-2017-7882, FEDORA-2017-7a7d2044c9, openSUSE-SU-2017:1851-1, openSUSE-SU-2017:2488-1, VIGILANCE-VUL-22484.
Description of the vulnerability
An attacker can generate a buffer overflow via HWPFile::TagsRead() of LibreOffice, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial) |
LibreOffice: buffer overflow via tools-Polygon-Insert
Synthesis of the vulnerability
An attacker can generate a buffer overflow via tools::Polygon::Insert() of LibreOffice, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, Fedora, LibreOffice, openSUSE Leap, RHEL, Ubuntu.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 18/04/2017.
Identifiers: CVE-2017-7870, DLA-910-1, DSA-3837-1, FEDORA-2017-7a7d2044c9, openSUSE-SU-2017:1851-1, openSUSE-SU-2017:2488-1, RHSA-2017:1975-01, USN-3273-1, VIGILANCE-VUL-22483.
Description of the vulnerability
An attacker can generate a buffer overflow via tools::Polygon::Insert() of LibreOffice, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial) |
Our database contains other pages. You can request a free trial to read them.
Display information about LibreOffice:
|