The free office suite


How to Report

If you came here looking for end-user support, please send any question not related to a specific security bug to

The security teams for products associated with the code-base can be contacted at, this includes representatives of many vendors, and associated projects. This email address is solely for reporting security issues related to the software. If your virus checker is flagging a LibreOffice download as containing a virus, this is almost certainly a false positive. Please check with another anti-virus vendor, and/or file a bug report with them before bothering the security list, also please consider purchasing a more accurate virus checker.

In your report, please include the following information:

  1. In what version did you identify the specific security problem
  2. If it is platform dependent, which platform are you using
  3. A proof of concept if possible


Security Advisories

Fixed in LibreOffice 3.6.7

CVE-2013-4156 Microsoft .docm Denial Of Service

Fixed in LibreOffice 3.5.7

CVE-2012-4233 Multiple file format denial of service vulnerabilities

Fixed in LibreOffice 3.5.5

CVE-2012-2665 Multiple heap-based buffer overflows in the XML manifest encryption handling code

Fixed in LibreOffice 3.5.3

CVE-2012-1149 Integer overflows in graphic object loading

CVE-2012-2334 Integer overflow flaw with malformed PPT files

Fixed in LibreOffice 3.4.6/3.5.1

CVE-2012-0037 XML Entity Expansion flaw by processing RDF file

Fixed in LibreOffice 3.4.3:

CVE-2011-2713 Multiple vulnerabilities in the 'Microsoft Word' (doc) binary file format importer

CVE-2013-2189 Microsoft .doc Memory Corruption Vulnerability

Fixed in LibreOffice 3.3.3/3.4.0:

CVE-2011-2685 Multiple vulnerabilities in the 'Lotus Word Pro' (lwp) file format importer

Third Party Advisories

CVE-2012-2149 libwpd: Memory overwrite flaw by processing certain WordPerfect (WPD). No version of LibreOffice is affected by this.