LibreOffice Security Updates Patched Critical WebP Vulnerability

Rohan Timalsina

October 3, 2023 - TuxCare expert team

LibreOffice, developed by The Document Foundation, is a free and open-source suite of office productivity software. The Document Foundation recently released LibreOffice security updates, versions 7.6.2 and 7.5.7, addressing a critical vulnerability found in the WebP codec. Both versions arrived earlier than their scheduled dates specifically to patch CVE-2023-4863.

 

LibreOffice 7.6.2 & 7.5.7 Security Updates

CVE-2023-4863 is a heap buffer overflow vulnerability identified in the libwebp library, which is commonly used to decode the WebP graphics format. It impacts all applications that depend on the libwebp library, including major web browsers like Mozilla Firefox, Chrome/Chromium, and Edge. It has been categorized as critical due to its potential to enable a remote attacker to execute an out-of-bounds memory write via a crafted HTML page.

The latest versions of the above-mentioned browsers have already addressed this WebP vulnerability, and it is now also fixed in the LibreOffice program if users update to either LibreOffice 7.6.2 or LibreOffice 7.5.7.

In addition to addressing this critical security vulnerability, the LibreOffice 7.6.2 release includes 54 fixes for various bugs and regressions, as outlined in the RC1 changelog. On the other hand, LibreOffice 7.5.7 features a more modest 14 bug fixes, also detailed in the RC1 changelog.

 

Final Words

All LibreOffice users are strongly recommended to apply these security updates. Both LibreOffice 7.6.2 and LibreOffice 7.5.7 can be downloaded from the official website in binary format, prepared by The Document Foundation for DEB or RPM-based distributions, as well as in the form of a source tarball.

Furthermore, it is worth performing regular updates of your GNU/Linux systems to safeguard against such critical vulnerabilities. These new LibreOffice updates will also soon become available in your distribution’s stable repositories, so it’s advisable to maintain a routine update schedule to ensure your system remains protected.
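To check a fleet against the two fixed releases named above, the following added example (not from the article or from The Document Foundation) classifies a LibreOffice version string by branch. It assumes the input looks like the output of `soffice --version` and that branches later than 7.6 carry the fix; distribution packages may backport the patch or link a separately updated system libwebp, so treat the upstream version number as an indicator only.

```shell
#!/bin/sh
# Added example (not from the article): classify a LibreOffice version string
# against the fixed releases the article names for CVE-2023-4863.

# Pull the first dotted version number out of a line such as
# "LibreOffice 7.6.1.2 <build id>"; prints nothing if there is none.
extract_version() {
    printf '%s\n' "$1" |
        sed -n 's/^[^0-9]*\([0-9][0-9]*\(\.[0-9][0-9]*\)*\).*/\1/p' | head -n 1
}

# Prints one of: fixed, needs-update, unlisted, unknown.
webp_fix_status() {
    ver=$(extract_version "$1")
    if [ -z "$ver" ]; then echo unknown; return 0; fi

    # Split on dots; missing components count as 0.
    old_ifs=$IFS; IFS=.
    set -- $ver
    IFS=$old_ifs
    major=$1; minor=${2:-0}; patch=${3:-0}

    if [ "$major" -gt 7 ] || { [ "$major" -eq 7 ] && [ "$minor" -gt 6 ]; }; then
        echo fixed            # assumption: later branches carry the fix
    elif [ "$major" -eq 7 ] && [ "$minor" -eq 6 ]; then
        if [ "$patch" -ge 2 ]; then echo fixed; else echo needs-update; fi
    elif [ "$major" -eq 7 ] && [ "$minor" -eq 5 ]; then
        if [ "$patch" -ge 7 ]; then echo fixed; else echo needs-update; fi
    else
        echo unlisted         # article names no fixed release for this branch
    fi
}

# Constructed sample lines in the shape of `soffice --version` output.
for line in \
    "LibreOffice 7.6.1.2 constructed-build-id" \
    "LibreOffice 7.6.2.1 constructed-build-id" \
    "LibreOffice 7.5.6.2 constructed-build-id" \
    "LibreOffice 7.4.7.2 constructed-build-id"
do
    printf '%-45s %s\n' "$line" "$(webp_fix_status "$line")"
done
```

On a real host, pass the live output instead of the samples: `webp_fix_status "$(soffice --version)"`.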

 

The sources for this article include a story from 9to5Linux.
