Security Advisories

Fixed in LibreOffice 4.2.7/4.3.3

CVE-2014-3693 Use-After-Free in socket manager of Impress Remote

Fixed in LibreOffice 4.2.6-secfix/4.3.1

CVE-2014-3524 CSV Command Injection and DDE formulas

CVE-2014-3575 Arbitrary File Disclosure using crafted OLE objects

Fixed in LibreOffice 4.2.5

CVE-2014-0247 Microsoft Office VBA Macro Execution

Fixed in LibreOffice 3.6.7

CVE-2013-4156 Microsoft .docm Denial Of Service

Fixed in LibreOffice 3.5.7

CVE-2012-4233 Multiple file format denial of service vulnerabilities

Fixed in LibreOffice 3.5.5

CVE-2012-2665 Multiple heap-based buffer overflows in the XML manifest encryption handling code

Fixed in LibreOffice 3.5.3

CVE-2012-1149 Integer overflows in graphic object loading

CVE-2012-2334 Integer overflow flaw with malformed PPT files

Fixed in LibreOffice 3.4.6/3.5.1

CVE-2012-0037 XML Entity Expansion flaw by processing RDF file

Fixed in LibreOffice 3.4.3

CVE-2011-2713 Multiple vulnerabilities in the 'Microsoft Word' (doc) binary file format importer

CVE-2013-2189 Microsoft .doc Memory Corruption Vulnerability

Fixed in LibreOffice 3.3.3/3.4.0

CVE-2011-2685 Multiple vulnerabilities in the 'Lotus Word Pro' (lwp) file format importer

Third Party Advisories

Fixed in LibreOffice 4.2.3

CVE-2014-0160 & more (a set of vulnerabilities) TLS heartbeat read overrun (4.1 line not affected)

Fixed in LibreOffice 4.1.5/4.2.0

CVE-2013-1752 & CVE-2013-4238 Python Multiple Vulnerabilities

Fixed in all versions

CVE-2012-2149 libwpd: Memory overwrite flaw by processing certain WordPerfect (WPD). No version of LibreOffice is affected by this.