Libreoffice patched two critical vulnerabilities this month, but one of them is still exploitable via a malicious document.  You’ll need to enable stealth mode to prevent loading of external content.