LibreOffice releases patches for WebP vulnerability
Take action: Part of the current rush to patch Libwebp on everything. Patch your LibreOffice systems, regardless of operating system - you are vulnerable.
Learn More
The Document Foundation released two security updates, version 7.6.2 and 7.5.7, for its widely used LibreOffice open-source office suite to address a recently exposed vulnerability in the WebP codec.
This release was expedited to include a critical heap buffer overflow identified in the popular libwebp library, extensively utilized for decoding the prevalent WebP graphics format. This security flaw impacts all applications utilizing the libwebp library.
The vulnerability is rated as critical and possesses the potential to enable a remote attacker to execute an out-of-bounds memory write by means of a skillfully crafted HTML page.
Aside from addressing this crucial vulnerability, the LibreOffice 7.6.2 release boasts 54 bug fixes and regression resolutions, as detailed in the RC1 changelog.
LibreOffice 7.5.7 carries 14 bug fixes, as outlined in its respective RC1 changelog. It is strongly advised that all LibreOffice users promptly update to these latest versions.
Both LibreOffice 7.6.2 and LibreOffice 7.5.7 can be downloaded from the official website as binaries packaged by The Document Foundation, compatible with DEB or RPM-based distributions, as well as a source tarball.
