
LibreOffice — Vulnerabilities & Security Advisories 45

All 45 CVE vulnerabilities found in LibreOffice, with AI-generated Chinese analysis, references, and POCs.

This page aggregates Common Weakness Enumerations (CWE) associated with LibreOffice, the open-source office productivity suite maintained by The Document Foundation. It collects security vulnerabilities affecting the software across various versions, covering advisory releases and reported flaws from the initial public deployment up to the present day. By reviewing this aggregation, users and security professionals can track vendor advisories to stay informed about critical patches, understand the specific characteristics and impact of different weakness classes within the codebase, and look up the product’s historical vulnerability pattern to assess long-term risk exposure. LibreOffice, being a complex application with extensive features for document processing, spreadsheet management, and presentation creation, is subject to a wide array of potential security issues ranging from memory corruption and buffer overflows to injection attacks and path traversal vulnerabilities. The data presented here serves as a centralized reference point for analyzing how these weaknesses manifest in different components such as the rendering engine, macro interpreter, or file parsers. This resource is particularly useful for organizations relying on LibreOffice for sensitive document handling, as it allows for a comprehensive review of past incidents to inform current security posture and mitigation strategies.

Vendor: [UNKNOWN]

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-8358 | Heap buffer overflow in spreadsheet tracked-changes import | CWE-843 | - | - | 2026-06-15 |
| CVE-2026-8357 | Heap buffer overflow in Calc formula compilation | CWE-787 | - | - | 2026-06-15 |
| CVE-2026-8356 | Stack buffer overflow in PPT presentation import | CWE-787 | - | - | 2026-06-15 |
| CVE-2026-6047 | Heap buffer overflow in OOXML text box element import | CWE-787 | - | - | 2026-06-15 |
| CVE-2026-6045 | Heap buffer overflow in EMF+ gradient brush import | CWE-787 | - | - | 2026-06-15 |
| CVE-2026-6040 | Heap use-after-free in ODF number-format blank-width parsing | CWE-416 | - | - | 2026-06-15 |
| CVE-2026-6039 | Heap buffer overflow in DXF polyline import | CWE-787 | - | - | 2026-06-15 |
| CVE-2026-4430 | Heap Buffer Overflow in AgileEngine | CWE-787 | 7.8 (AI) | High (AI) | 2026-05-07 |
| CVE-2025-14714 | TCC Bypass via Inherited Permissions in Bundled Interpreter | CWE-288 | 9.8 (AI) | Critical (AI) | 2025-12-15 |
| CVE-2025-2866 | PDF signature forgery with adbe.pkcs7.sha1 SubFilter | CWE-347 | 6.5 | - | 2025-04-27 |
| CVE-2021-25635 | Content Manipulation with Certificate Validation Attack | CWE-295 | 7.5 | - | 2025-03-21 |
| CVE-2025-1080 | Macro URL arbitrary script execution | CWE-20 | 8.8 | - | 2025-03-04 |
| CVE-2025-0514 | Executable hyperlink Windows path targets executed unconditionally on activation | CWE-20 | 6.5 | - | 2025-02-25 |
| CVE-2024-12426 | URL fetching can be used to exfiltrate arbitrary INI file values and environment variables | CWE-200 | 6.5 | - | 2025-01-07 |
| CVE-2024-12425 | Path traversal leading to arbitrary .ttf file write | CWE-22 | 6.2 | - | 2025-01-07 |
| CVE-2024-7788 | Signatures in "repair mode" should not be trusted | CWE-347 | 7.8 | High | 2024-09-17 |
| CVE-2024-6472 | Ability to trust not validated macro signatures removed in high security mode | CWE-295 | 7.8 | High | 2024-08-05 |
| CVE-2024-5261 | TLS certificate are not properly verified when utilizing LibreOfficeKit | CWE-295 | 9.1 (AI) | Critical (AI) | 2024-06-25 |
| CVE-2024-3044 | Graphic on-click binding allows unchecked script execution | CWE-356 | 7.1 | - | 2024-05-14 |
| CVE-2023-6186 | Link targets allow arbitrary script execution | - | 8.3 | High | 2023-12-11 |
| CVE-2023-6185 | Improper input validation enabling arbitrary Gstreamer pipeline injection | - | 8.3 | High | 2023-12-11 |
| CVE-2023-1183 | Arbitrary file write | CWE-20 | 5.0 | Medium | 2023-07-10 |
| CVE-2023-0950 | Array Index UnderFlow in Calc Formula Parsing | CWE-129 | 8.8 | - | 2023-05-25 |
| CVE-2023-2255 | Remote documents loaded without prompt via IFrame | CWE-264 | 5.3 | - | 2023-05-25 |
| CVE-2022-3140 | Macro URL arbitrary script execution | CWE-20 | 7.6 | - | 2022-10-11 |
| CVE-2022-26307 | Weak Master Keys | CWE-326 | 8.8 | - | 2022-07-25 |
| CVE-2022-26306 | Execution of Untrusted Macros Due to Improper Certificate Validation | CWE-326 | 9.1 | - | 2022-07-25 |
| CVE-2022-26305 | Execution of Untrusted Macros Due to Improper Certificate Validation | CWE-295 | 7.5 | - | 2022-07-25 |
| CVE-2021-25636 | Incorrect trust validation of signature with ambiguous KeyInfo children | CWE-347 | 7.5 | - | 2022-02-22 |
| CVE-2021-25634 | Timestamp Manipulation with Signature Wrapping | CWE-295 | 7.5 | - | 2021-10-12 |

All 45 known CVE vulnerabilities affecting LibreOffice with full Chinese analysis, references, and POCs where available.