The BSI classifies three vulnerabilities in LibreOffice for macOS, Windows and Linux as a high threat.
LibreOffice 7.4 will be released in August.
With versions 7.2.7 and 7.3.3, the LibreOffice developers have fixed a total of three security vulnerabilities in their software. CERT-Bund at the Federal Office for Information Security (BSI) classifies the threat level of these vulnerabilities as “high”. The LibreOffice developers also list the three vulnerabilities in their security advisories.
Risk of malicious code and brute force attacks
Older versions of LibreOffice contain errors in the certificate check for signed macros in documents. These vulnerabilities could allow attackers to execute malicious code via the office software. Another vulnerability lies in LibreOffice’s storage function for passwords. At the user’s request, passwords can be stored for Google Drive, for example, which makes it easier to open documents in cloud storage. LibreOffice protects these passwords with a master password. However, older versions of the software always used the same initialization vector for the encryption, resulting in weak encryption that in some cases could have been broken by brute force attacks.
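Why a constant initialization vector weakens a password store, as an added example that is not LibreOffice code: every record is encrypted under one master key, once with a fixed IV and once with a fresh random IV per record. The article does not name the cipher or mode, so a toy 64-bit Feistel cipher in CBC mode stands in as an assumption; all function names, the master password and the sample passwords are constructed.

```python
import hashlib
import hmac
import os

BLOCK = 8  # toy 64-bit block size (assumption, not LibreOffice's cipher)

def _encrypt_block(key, block):
    """Toy 4-round Feistel permutation keyed with HMAC-SHA256 (illustration only)."""
    left, right = block[:4], block[4:]
    for rnd in range(4):
        f = hmac.new(key, bytes([rnd]) + right, hashlib.sha256).digest()[:4]
        left, right = right, bytes(a ^ b for a, b in zip(left, f))
    return left + right

def cbc_encrypt(key, iv, plaintext):
    """CBC mode with PKCS#7-style padding over the toy block cipher."""
    pad = BLOCK - len(plaintext) % BLOCK
    data = plaintext + bytes([pad]) * pad
    prev, out = iv, b""
    for i in range(0, len(data), BLOCK):
        mixed = bytes(a ^ b for a, b in zip(data[i:i + BLOCK], prev))
        prev = _encrypt_block(key, mixed)
        out += prev
    return out

def shared_prefix_blocks(c1, c2):
    """Count leading ciphertext blocks that are identical in both records."""
    n = 0
    for i in range(0, min(len(c1), len(c2)), BLOCK):
        if c1[i:i + BLOCK] != c2[i:i + BLOCK]:
            break
        n += 1
    return n

def store(passwords, fixed_iv):
    """Encrypt every stored password under one master key (constructed here)."""
    key = hashlib.sha256(b"constructed master password").digest()
    return [cbc_encrypt(key, bytes(BLOCK) if fixed_iv else os.urandom(BLOCK), pw)
            for pw in passwords]

# Constructed sample: records 0 and 1 share their first 8 bytes, 0 and 2 are equal.
SAMPLE = [b"Summer2022-drive", b"Summer2022-mail", b"Summer2022-drive"]

if __name__ == "__main__":
    for fixed in (True, False):
        a, b, c = store(SAMPLE, fixed)
        print(fixed, shared_prefix_blocks(a, b), shared_prefix_blocks(a, c))
```

In the fixed-IV run, equal passwords and shared prefixes are visible in the ciphertext without the master password; with a fresh IV per record they are not.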
LibreOffice 7.4 will be released in August
The vulnerabilities have been fixed in the newer versions of LibreOffice. The BSI therefore recommends that users always keep the software up to date. The latest version of the office suite, LibreOffice 7.4, will be released in August. The developers promise performance optimization for text layout and spreadsheets, as well as improved compatibility with Microsoft Office formats.