Package | libreoffice |
---|---|
Version | 1:6.1.5-3+deb9u7 (stretch), 1:6.1.5-3+deb10u16 (buster) |
Related CVEs | CVE-2025-1080 CVE-2025-2866 |
Multiple vulnerabilities were fixed in libreoffice, a popular office productivity suite.
CVE-2025-1080
LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice
with MS SharePoint server. An additional scheme 'vnd.libreoffice.command' specific
to LibreOffice was added. In the affected versions of LibreOffice, a link in a browser
using that scheme could be constructed with an embedded inner URL that, when passed
to LibreOffice, could call internal macros with arbitrary arguments.
CVE-2025-2866
Improper Verification of Cryptographic Signature vulnerability in LibreOffice allows
PDF Signature Spoofing by Improper Validation. In the affected versions of LibreOffice,
a flaw in the verification code for adbe.pkcs7.sha1 signatures could cause invalid
signatures to be accepted as valid.
For Debian 10 buster, these problems have been fixed in version 1:6.1.5-3+deb10u16.
For Debian 9 stretch, these problems have been fixed in version 1:6.1.5-3+deb9u7.
We recommend that you upgrade your libreoffice packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.