libreoffice — Vulnerabilities & Security Advisories 38

All 38 CVE vulnerabilities found in libreoffice, with AI-generated Chinese analysis, references, and POCs.

This page catalogs known software weaknesses affecting the LibreOffice product suite, categorized by Common Weakness Enumeration (CWE) types. It aggregates vulnerability data to provide a comprehensive view of security issues impacting this widely used open-source office application. The content focuses on collecting and organizing vulnerabilities across various severity levels and exposure dates. This includes historical data spanning several years, capturing the evolution of security practices within the project and the specific risks associated with different versions of the software. By centralizing this information, the page serves as a resource for understanding the security posture of LibreOffice over time. Visitors can use this resource to track advisories issued by the vendor regarding critical security flaws. You can explore detailed descriptions of specific weakness classes to understand the root causes of common exploits. Additionally, the page allows users to look up the vulnerability history of LibreOffice, identifying patterns in past incidents and assessing the long-term impact of patched issues. This structured approach helps developers, security analysts, and end-users evaluate risks more effectively. The focus remains strictly on factual data aggregation and classification, providing a clear overview of the security landscape for this product without bias or promotional language.

Vendor: [UNKNOWN]

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-4430 | Heap Buffer Overflow in AgileEngine | CWE-787 | 7.8 (AI) | High (AI) | 2026-05-07 |
| CVE-2025-14714 | TCC Bypass via Inherited Permissions in Bundled Interpreter | CWE-288 | 9.8 (AI) | Critical (AI) | 2025-12-15 |
| CVE-2025-2866 | PDF signature forgery with adbe.pkcs7.sha1 SubFilter | CWE-347 | 6.5 | - | 2025-04-27 |
| CVE-2021-25635 | Content Manipulation with Certificate Validation Attack | CWE-295 | 7.5 | - | 2025-03-21 |
| CVE-2025-1080 | Macro URL arbitrary script execution | CWE-20 | 8.8 | - | 2025-03-04 |
| CVE-2025-0514 | Executable hyperlink Windows path targets executed unconditionally on activation | CWE-20 | 6.5 | - | 2025-02-25 |
| CVE-2024-12426 | URL fetching can be used to exfiltrate arbitrary INI file values and environment variables | CWE-200 | 6.5 | - | 2025-01-07 |
| CVE-2024-12425 | Path traversal leading to arbitrary .ttf file write | CWE-22 | 6.2 | - | 2025-01-07 |
| CVE-2024-7788 | Signatures in "repair mode" should not be trusted | CWE-347 | 7.8 | High | 2024-09-17 |
| CVE-2024-6472 | Ability to trust not validated macro signatures removed in high security mode | CWE-295 | 7.8 | High | 2024-08-05 |
| CVE-2024-5261 | TLS certificate are not properly verified when utilizing LibreOfficeKit | CWE-295 | 9.1 (AI) | Critical (AI) | 2024-06-25 |
| CVE-2024-3044 | Graphic on-click binding allows unchecked script execution | CWE-356 | 7.1 | - | 2024-05-14 |
| CVE-2023-6186 | Link targets allow arbitrary script execution | | 8.3 | High | 2023-12-11 |
| CVE-2023-6185 | Improper input validation enabling arbitrary Gstreamer pipeline injection | | 8.3 | High | 2023-12-11 |
| CVE-2023-1183 | Arbitrary file write | CWE-20 | 5.0 | Medium | 2023-07-10 |
| CVE-2023-0950 | Array Index UnderFlow in Calc Formula Parsing | CWE-129 | 8.8 | - | 2023-05-25 |
| CVE-2023-2255 | Remote documents loaded without prompt via IFrame | CWE-264 | 5.3 | - | 2023-05-25 |
| CVE-2022-3140 | Macro URL arbitrary script execution | CWE-20 | 7.6 | - | 2022-10-11 |
| CVE-2022-26307 | Weak Master Keys | CWE-326 | 8.8 | - | 2022-07-25 |
| CVE-2022-26306 | Execution of Untrusted Macros Due to Improper Certificate Validation | CWE-326 | 9.1 | - | 2022-07-25 |
| CVE-2022-26305 | Execution of Untrusted Macros Due to Improper Certificate Validation | CWE-295 | 7.5 | - | 2022-07-25 |
| CVE-2021-25636 | Incorrect trust validation of signature with ambiguous KeyInfo children | CWE-347 | 7.5 | - | 2022-02-22 |
| CVE-2021-25634 | Timestamp Manipulation with Signature Wrapping | CWE-295 | 7.5 | - | 2021-10-12 |
| CVE-2021-25633 | Content Manipulation with Double Certificate Attack | CWE-295 | 7.5 | - | 2021-10-11 |
| CVE-2021-25631 | denylist of executable filename extensions possible to bypass under windows | CWE-184 | 8.8 | - | 2021-05-03 |
| CVE-2020-12803 | XForms submissions could overwrite local files | | 6.5 | - | 2020-06-08 |
| CVE-2020-12802 | remote graphics contained in docx format retrieved in 'stealth mode' | CWE-200 | 5.3 | - | 2020-06-08 |
| CVE-2020-12801 | Crash-recovered MSOffice encrypted documents defaulted to not to using encryption on next save | CWE-311 | 8.2 | - | 2020-05-18 |
| CVE-2019-9853 | Insufficient URL decoding flaw in categorizing macro location | CWE-116 | 7.8 | - | 2019-09-27 |
| CVE-2019-9855 | Windows 8.3 path equivalence handling flaw allows LibreLogo script execution | | 9.8 | - | 2019-09-06 |

All 38 known CVE vulnerabilities affecting libreoffice with full Chinese analysis, references, and POCs where available.