Vulnerability Overview

This page lists multiple LibreOffice security vulnerabilities, each with a corresponding CVE number, and describes in detail the nature and impact of each vulnerability.

Affected Scope

LibreOffice 26.2.3/25.8.7
- CVE-2026-4430: Heap Buffer Overflow in AgileEngine
LibreOffice 25.2.4/25.8.0
- CVE-2025-14714: TCC Bypass via Inherited Permissions in Bundled Interpreter
LibreOffice 24.8.6/25.2.2
- CVE-2025-2866: PDF signature forgery with adbe.pkcs7.sha1 SubFilter
LibreOffice 24.8.5/25.2.1
- CVE-2025-1080: Macro URL arbitrary script execution
LibreOffice 24.8.5
- CVE-2025-0514: Executable hyperlink Windows path targets executed unconditionally on activation
LibreOffice 24.8.4
- CVE-2024-12425: Path traversal leading to arbitrary .ttf file write
- CVE-2024-12426: URL fetching can be used to exfiltrate arbitrary INI file values and environment variables
LibreOffice 24.8.0/24.2.5
- CVE-2024-7788: Signatures in "repair mode" should not be trusted
LibreOffice 24.2.5
- CVE-2024-6472: Ability to trust not validated macro signatures removed in high security mode
LibreOffice 24.2.4
- CVE-2024-5261: TLS certificate are not properly verified when utilizing LibreOfficeKit
LibreOffice 7.6.7/24.2.3
- CVE-2024-3044: Graphic on-click binding allows unchecked script execution
LibreOffice 7.6.4/7.5.9
- CVE-2023-6186: Link targets allow arbitrary script execution
LibreOffice 7.6.3/7.5.9
- CVE-2023-6185: Improper input validation enabling arbitrary Gstreamer pipeline injection
LibreOffice 7.4.7/7.5.3
- CVE-2023-2255: Remote documents loaded without prompt via IFrame
LibreOffice 7.4.6/7.5.1
- CVE-2023-0950: Array Index UnderFlow in Calc Formula Parsing
LibreOffice 7.3.6/7.4.1
- CVE-2022-3140: Macro URL arbitrary script execution
LibreOffice 7.2.7/7.3.3
- CVE-2022-26306: Static Initialization Vector Allows to Recover Passwords for Web Connections Without Knowing the Master Password
- CVE-2022-26307: Weak Master Keys
LibreOffice 7.2.7/7.3.2
- CVE-2022-26305: Execution of Untrusted Macros Due to Improper Certificate Validation
LibreOffice 7.2.6/7.3.1
- CVE-2022-38745: Empty entry in Java class path risks arbitrary code execution
LibreOffice 7.2.5/7.3.0
- CVE-2021-25636: Incorrect trust validation of signature with ambiguous KeyInfo children
LibreOffice 7.0.6/7.1.3
- CVE-2021-25632: fileloc extension added to macOS executable denylist
LibreOffice 7.0.6/7.1.2
- CVE-2021-25633: Content Manipulation with Double Certificate Attack
- CVE-2021-25634: Timestamp Manipulation with Signature Wrapping
LibreOffice 7.0.5/7.1.2
- CVE-2021-25631: Denylist of executable filename extensions possible to bypass under windows
LibreOffice 7.0.5/7.1.1
- CVE-2021-25635: Content Manipulation with Certificate Validation Attack
LibreOffice 6.4.4
- CVE-2020-12802: remote graphics contained in docx format retrieved in 'stealth mode'
- CVE-2020-12803: XForms submissions could overwrite local files
LibreOffice 6.3.6/6.4.3
- CVE-2020-12801: Crash-recovered MSOffice encrypted documents defaulted to not to using encryption on next save
LibreOffice 6.2.7/6.3.1
- CVE-2019-9854: Unsafe URL assembly flaw in allowed script location check
- CVE-2019-9855: Windows 8.3 path equivalence handling flaw allows LibreLogo script execution
LibreOffice 6.2.6/6.3.1
- CVE-2019-9853: Insufficient URL decoding flaw in categorizing macro location
LibreOffice 6.2.6/6.3.0
- CVE-2019-9850: Insufficient url validation allowing LibreLogo script execution
- CVE-2019-9851: LibreLogo global-event script execution
- CVE-2019-9852: Insufficient URL encoding flaw in allowed script location check
LibreOffice 6.2.5
- CVE-2019-9848: LibreLogo arbitrary script execution
- CVE-2019-9849: remote bullet graphics retrieved in 'stealth mode'
LibreOffice 6.1.6/6.2.3
- CVE-2019-9847: Executable hyperlink targets executed unconditionally on activation
LibreOffice 6.0.7/6.1.3
- CVE-2018-16858: Directory traversal flaw in script execution
LibreOffice 5.4.7/6.0.4
- CVE-2018-10583: Information disclosure via SMB link embedded in ODF document
LibreOffice 5.4.6/6.0.2
- CVE-2018-10120: Heap Buffer Overflow in MSWord Customizations parsing
LibreOffice 5.4.5/6.0.1
- CVE-2018-1055: Remote arbitrary file disclosure vulnerability via WEBSERVICE formula
- CVE-2018-10119: Use After Free in Structured Storage parser
LibreOffice 5.2.5/5.3.0
- CVE-2017-7870: Heap-buffer-overflow in WMF filter
- CVE-2016-10327: Heap-buffer-overflow in EMF filter
Fixed during development
- CVE-2017-7856: Heap-buffer-overflow in SVM filter
- CVE-2017-7882: Heap-buffer-overflow in HWP filter
- CVE-2017-8358: Heap-buffer-overflow in JPG filter
LibreOffice 5.1.6/5.2.2/5.3.0
- CVE-2017-3157: Arbitrary file disclosure in Calc and Writer
LibreOffice 5.1.4/5.2.0
- CVE-2016-4324: Dereference of invalid STL iterator on processing RTF file
LibreOffice 5.0.5/5.1.0
- CVE-2016-0795: LotusWordPro Bounds overflows in LwpFocSuperLayout processing
LibreOffice 5.0.4/5.1.0
- CVE-2016-0794: LotusWordPro Multiple bounds overflows in lwp filter
LibreOffice 5.0.2/5.1.0
- CVE-2017-12607: Out-of-Bounds Write in Impress' PPT Filter
- CVE-2017-12608: Out-of-Bounds Write in Writer's ImportOld