UbuntuUpdates.org

Package "libreoffice-dev-doc"

Name: libreoffice-dev-doc

Description:

office productivity suite -- SDK documentation

Latest version: 4:24.2.7-0ubuntu0.24.04.6
Release: noble (24.04)
Level: security
Repository: main
Head package: libreoffice
Homepage: http://www.libreoffice.org

Links


Download "libreoffice-dev-doc"


Other versions of "libreoffice-dev-doc" in Noble

Repository Area Version
base main 4:24.2.2-0ubuntu1
updates main 4:24.2.7-0ubuntu0.24.04.6
backports main 4:25.8.7-0ubuntu0.25.10.1~bpo24.04.1
PPA: LibreOffice 4:26.2.4.2-0ubuntu0.24.04.1~lo1

Changelog

Version: 4:24.2.7-0ubuntu0.24.04.6 2026-07-13 21:09:38 UTC

  libreoffice (4:24.2.7-0ubuntu0.24.04.6) noble-security; urgency=medium

  * SECURITY UPDATE: Heap buffer overflow in DXF polyline import
    - debian/patches/CVE-2026-6039.patch: stay within max Polygon points
    - CVE-2026-6039
  * SECURITY UPDATE: Heap use-after-free in ODF number-format blank-width parsing
    - debian/patches/CVE-2026-6040.patch: process loext:blank-width-char better
    - CVE-2026-6040
  * SECURITY UPDATE: Heap buffer overflow in EMF+ gradient brush import
    - debian/patches/CVE-2026-6045-1.patch: check that the file can provide the
      claimed data
    - debian/patches/CVE-2026-6045-2.patch: tidy up emfppath.cxx edge cases
    - debian/patches/CVE-2026-6045-3.patch: check that the file can provide the
      claimed data
    - CVE-2026-6045
  * SECURITY UPDATE: Stack buffer overflow in PPT presentation import
    - debian/patches/CVE-2026-8356.patch: SdrEscherImport::RecolorGraphic
      reads but doesn't use FillColors
    - CVE-2026-8356
  * SECURITY UPDATE: Heap buffer overflow in Calc formula compilation
    - debian/patches/CVE-2026-8357.patch: A formula of length L, composed
      entirely of open tokens, needs L+1 slots
    - CVE-2026-8357
  * SECURITY UPDATE: Heap buffer overflow in spreadsheet tracked-changes import
    - debian/patches/CVE-2026-8358.patch: drop malformed duplicate-id calc
      change track actions
    - CVE-2026-8358

 -- Rico Tzschichholz <email address hidden> Sun, 28 Jun 2026 12:36:00 +0200

Source diff to previous version
CVE-2026-6039 LibreOffice can import drawings in the DXF format used by CAD software. A heap buffer overflow existed when importing a DXF polyline. The point count
CVE-2026-6040 A heap use-after-free existed when importing the blank-width characters of an ODF number format. A position value read from the document was not chec
CVE-2026-6045 LibreOffice can import EMF+ graphics, which may be embedded in documents. A heap buffer overflow existed when importing an EMF+ gradient brush. The n
CVE-2026-8356 LibreOffice can import presentations in the legacy binary PPT format. A stack buffer overflow existed when importing a colour-replacement record. Two
CVE-2026-8357 LibreOffice Calc compiles cell formulas when opening a spreadsheet. A heap buffer overflow existed when compiling a very long formula made up of many
CVE-2026-8358 LibreOffice Calc can import tracked changes from a spreadsheet document. A heap buffer overflow existed when a document reused the same change identi

Version: 4:24.2.7-0ubuntu0.24.04.5 2026-05-28 19:07:37 UTC

  libreoffice (4:24.2.7-0ubuntu0.24.04.5) noble-security; urgency=medium

  * SECURITY UPDATE: Heap Buffer Overflow in AgileEngine
    - debian/patches/CVE-2026-4430.patch: Conform AlignEngine parsing to
      what section 2.3.4.10 of the spec has
    - CVE-2026-4430

 -- Rico Tzschichholz <email address hidden> Wed, 13 May 2026 09:30:30 +0200

Source diff to previous version
CVE-2026-4430 Out-of-bounds write vulnerability in The Document Foundation LibreOffice via crafted OOXML documents with mismatched encryption salt parameters. Thi

Version: 4:24.2.7-0ubuntu0.24.04.4 2025-05-09 20:07:22 UTC

  libreoffice (4:24.2.7-0ubuntu0.24.04.4) noble-security; urgency=medium

  * SECURITY UPDATE: PDF signature forgery with adbe.pkcs7.sha1 SubFilter
    - debian/patches/CVE-2025-2866.patch: Improve adbe.pkcs7.sha1 signature
      verification
    - CVE-2025-2866

 -- Rico Tzschichholz <email address hidden> Mon, 05 May 2025 17:20:55 +0200

Source diff to previous version
CVE-2025-2866 Improper Verification of Cryptographic Signature vulnerability in LibreOffice allows PDF Signature Spoofing by Improper Validation. In the affect

Version: 4:24.2.7-0ubuntu0.24.04.3 2025-03-10 15:07:03 UTC

  libreoffice (4:24.2.7-0ubuntu0.24.04.3) noble-security; urgency=medium

  * SECURITY UPDATE: Macro URL arbitrary script execution
    - debian/patches/CVE-2025-1080.patch: Filter out more unwanted command
      URIs
    - CVE-2025-1080

 -- Rico Tzschichholz <email address hidden> Thu, 06 Mar 2025 08:58:09 +0100

Source diff to previous version
CVE-2025-1080 LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. An additional scheme 'vnd.libreoffice

Version: 4:24.2.7-0ubuntu0.24.04.2 2025-01-27 18:07:00 UTC

  libreoffice (4:24.2.7-0ubuntu0.24.04.2) noble-security; urgency=medium

  * SECURITY UPDATE: Path traversal leading to arbitrary .ttf file write
    - debian/patches/CVE-2024-12425.patch: be conservative on allowed temp
      font names
    - CVE-2024-12425
  * SECURITY UPDATE: URL fetching can be used to exfiltrate arbitrary INI
      file values and environment variables
    - debian/patches/CVE-2024-12426-1.patch: consider VndSunStarExpand an
      exotic protocol
    - debian/patches/CVE-2024-12426-2.patch: look at 'embedded' protocols too
    - debian/patches/CVE-2024-12426-3.patch: Fix check for further exotic
      protocols
    - CVE-2024-12426

 -- Rico Tzschichholz <email address hidden> Mon, 20 Jan 2025 09:58:29 +0100

CVE-2024-12425 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in The Document Foundation LibreOffice allows Absolute P
CVE-2024-12426 Exposure of Environmental Variables and arbitrary INI file values to an Unauthorized Actor vulnerability in The Document Foundation LibreOffice.



About   -   Send Feedback to @ubuntu_updates