Browse all 9 CVE security advisories affecting Document Foundation. AI-powered Chinese analysis, POCs, and references for each vulnerability.
The Document Foundation develops LibreOffice, an open-source office suite used for document creation and management. Historically, vulnerabilities have included remote code execution, cross-site scripting, and privilege escalation, often through malicious document processing. While no major public security incidents have been widely reported, the organization maintains a security response team addressing reported issues. With nine CVEs on record, most vulnerabilities relate to memory corruption and unsafe parsing of file formats. The foundation regularly releases security patches, emphasizing community collaboration in vulnerability identification and remediation. Security remains a priority, though the complexity of document processing continues to present potential attack surfaces for exploitation.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2019-9853 | Insufficient URL decoding flaw in categorizing macro location — LibreOfficeCWE-116 | 7.8 | - | 2019-09-27 |
| CVE-2019-9855 | Windows 8.3 path equivalence handling flaw allows LibreLogo script execution — LibreOffice | 9.8 | - | 2019-09-06 |
| CVE-2019-9854 | Unsafe URL assembly flaw in allowed script location check — LibreOffice | 7.8 | - | 2019-09-06 |
| CVE-2019-9852 | Insufficient URL encoding flaw in allowed script location check — LibreOfficeCWE-116 | 7.8 | - | 2019-08-15 |
| CVE-2019-9851 | LibreLogo global-event script execution — LibreOffice | 9.8 | - | 2019-08-15 |
| CVE-2019-9850 | Insufficient url validation allowing LibreLogo script execution — LibreOffice | 9.8 | - | 2019-08-15 |
| CVE-2019-9849 | LibreOffice 信息泄露漏洞 — LibreOffice | 4.3 | - | 2019-07-17 |
| CVE-2019-9848 | LibreOffice 代码注入漏洞 — LibreOffice | 9.8 | - | 2019-07-17 |
| CVE-2019-9847 | Executable hyperlink targets executed unconditionally on activation — LibreOffice | 7.8 | - | 2019-05-09 |
This page lists every published CVE security advisory associated with Document Foundation. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.