Уязвимость функции ReadJPEG пакета офисных программ LibreOffice, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код

Уязвимость функции EnhWMFReader::ReadEnhWMF пакета офисных программ LibreOffice, позволяющая нарушителю выполнить произвольный код

Уязвимость функции HWPFile::TagsRead пакета офисных программ LibreOffice, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость функции tools::Polygon::Insert пакета офисных программ LibreOffice, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость функции SVMConverter::ImplConvertFromSVM1 пакета офисных программ LibreOffice, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость функции SwCTBWrapper :: Read пакета офисных программ LibreOffice, позволяющая нарушителю выполнить произвольный код или вызвать отказ в обслуживании

Уязвимость компонента COM.MICROSOFT.WEBSERVICE пакета офисных программ LibreOffice, позволяющая нарушителю получить доступ к защищаемой информации

Уязвимость функции SwCTBWrapper :: Read пакета офисных программ LibreOffice, позволяющая нарушителю выполнить произвольный код или вызвать отказ в обслуживании

Уязвимость пакета офисных программ LibreOffice, вызванная выходом операции за границы буфера в памяти, позволяющая нарушителю выполнить произвольный код

LibreOffice before 2016-12-22 has an out-of-bounds write caused by a heap-based buffer overflow related to the EnhWMFReader::ReadEnhWMF function in vcl/source/filter/wmf/enhwmf.cxx.

WP1StylesListener.cpp, WP5StylesListener.cpp, and WP42StylesListener.cpp in libwpd 0.10.1 mishandle iterators, which allows remote attackers to cause a denial of service (heap-based buffer over-read in the WPXTableList class in WPXTable.cpp). This vulnerability can be triggered in LibreOffice before 5.3.7. It may lead to suffering a remote attack against a LibreOffice application.

LibreOffice before 2017-03-11 has an out-of-bounds write caused by a heap-based buffer overflow in the SVMConverter::ImplConvertFromSVM1 function in vcl/source/gdi/svmconverter.cxx.

LibreOffice before 2017-01-02 has an out-of-bounds write caused by a heap-based buffer overflow related to the tools::Polygon::Insert function in tools/source/generic/poly.cxx.

LibreOffice before 2017-03-14 has an out-of-bounds write related to the HWPFile::TagsRead function in hwpfilter/source/hwpfile.cxx.

LibreOffice before 2017-03-17 has an out-of-bounds write caused by a heap-based buffer overflow related to the ReadJPEG function in vcl/source/filter/jpeg/jpegc.cxx.

sot/source/sdstor/stgstrms.cxx in LibreOffice before 5.4.5.1 and 6.x before 6.0.1.1 uses an incorrect integer data type in the StgSmallStrm class, which allows remote attackers to cause a denial of service (use-after-free with write access) or possibly have unspecified other impact via a crafted document that uses the structured storage ole2 wrapper file format.

The SwCTBWrapper::Read function in sw/source/filter/ww8/ww8toolbar.cxx in LibreOffice before 5.4.6.1 and 6.x before 6.0.2.1 does not validate a customizations index, which allows remote attackers to cause a denial of service (heap-based buffer overflow with write access) or possibly have unspecified other impact via a crafted document that contains a certain Microsoft Word record.

The get_app_path function in desktop/unx/source/start.c in LibreOffice through 6.0.5 mishandles the realpath function in certain environments such as FreeBSD libc, which might allow attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact if LibreOffice is automatically launched during web browsing with pathnames controlled by a remote web site.

It was found that libreoffice before versions 6.0.7 and 6.1.3 was vulnerable to a directory traversal attack which could be used to execute arbitrary macros bundled with a document. An attacker could craft a document, which when opened by LibreOffice, would execute a Python method from a script in any arbitrary file system location, specified relative to the LibreOffice install location.

LibreOffice before 5.4.5 and 6.x before 6.0.1 allows remote attackers to read arbitrary files via =WEBSERVICE calls in a document, which use the COM.MICROSOFT.WEBSERVICE function.