It exists that LibreOffice incorrectly handled certain document files. If a user were tricked into opening a specially crafted document, a remote attacker could cause LibreOffice to crash, and possibly execute arbitrary code. (CVE-2018-10119, CVE-2018-10120, CVE-2018-11790)
When is a macro not a macro? When it comes with the product, apparently Fix LibreOffice now to thwart silent macro viruses – and here's how to pwn those who haven't
Interview The Document Foundation, custodian of LibreOffice, has defended the suite's security after attempts to patch a code execution flaw turned out to be "partial". "So far in the story of LibreOffice we have been able to patch all security issues before they reached the end user," a spokesperson told The Reg. "For this last one we have a patch for version 6.2.5 which is unfortunately partial because there are other ways to trigger the vulnerability. This is going to be patched in version 6....
Remote scripting flaw in open-source productivity suites is at least partly fixed Apache OpenOffice, the Schrodinger's app: No one knows if it's dead or alive, no one really wants to look inside
A security flaw affecting LibreOffice and Apache OpenOffice has been fixed in one of the two open-source office suites. The other still appears to be vulnerable. Before attempting to guess which app has yet to be patched, consider that Apache OpenOffice for years has struggled attract more contributors. And though the number of people adding code to the project has grown since last we checked, the project missed its recent January report to the Apache Foundation. The upshot is: security holes ar...