CVSS2: 7.5 High (AV:N/AC:L/Au:N/C:P/I:P/A:P)
  Attack Vector: NETWORK; Attack Complexity: LOW; Authentication: NONE;
  Confidentiality Impact: PARTIAL; Integrity Impact: PARTIAL; Availability Impact: PARTIAL
CVSS3: 9.8 High (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
  Attack Vector: NETWORK; Attack Complexity: LOW; Privileges Required: NONE; User Interaction: NONE;
  Scope: UNCHANGED; Confidentiality Impact: HIGH; Integrity Impact: HIGH; Availability Impact: HIGH
EPSS: 0.217 Low (Percentile: 96.5%)
Severity: High
Date : 2019-08-16
CVE-ID : CVE-2019-9848 CVE-2019-9849
Package : libreoffice-still
Type : multiple issues
Remote : Yes
Link : https://security.archlinux.org/AVG-1010
The package libreoffice-still before version 6.2.6-1 is vulnerable to
multiple issues including arbitrary command execution and information
disclosure.
Resolution: Upgrade to 6.2.6-1. The problems have been fixed upstream in version 6.2.6.
Workaround: None.
An issue has been found in LibreOffice before 6.2.5, where documents
can specify that pre-installed scripts can be executed on various
document events such as mouse-over, etc. LibreOffice is typically also
bundled with LibreLogo, a programmable turtle vector graphics script,
which can be manipulated into executing arbitrary Python commands. By
using the document event feature to trigger LibreLogo to execute Python
contained within a document, a malicious document could be constructed
that would execute arbitrary Python commands silently, without warning.
In the fixed versions, LibreLogo cannot be called from a document event
handler.
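A defender-side check for the document-event pattern described above, added here as an example (it is not code from the advisory or from the LibreOffice project): it unpacks an ODF document, lists every script event listener in content.xml and styles.xml, and flags any handler whose target URI names LibreLogo. The ODF namespaces and the vnd.sun.star.script: scheme are known values; the two sample documents are constructed in memory.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

# ODF 1.2 namespaces for script event listeners and the URI scheme LibreOffice
# uses for pre-installed scripts; known values, not taken from the advisory.
NS_OFFICE = "urn:oasis:names:tc:opendocument:xmlns:office:1.0"
NS_SCRIPT = "urn:oasis:names:tc:opendocument:xmlns:script:1.0"
NS_XLINK = "http://www.w3.org/1999/xlink"
SCRIPT_SCHEME = "vnd.sun.star.script:"


def script_listeners(odf_bytes):
    """List (event_name, href) for every script:event-listener in content.xml and styles.xml."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(odf_bytes)) as pkg:
        for part in ("content.xml", "styles.xml"):
            if part not in pkg.namelist():
                continue
            root = ET.fromstring(pkg.read(part))
            for el in root.iter("{%s}event-listener" % NS_SCRIPT):
                hits.append((el.get("{%s}event-name" % NS_SCRIPT, ""),
                             el.get("{%s}href" % NS_XLINK, "")))
    return hits


def invokes_librelogo(odf_bytes):
    """True when a document event handler targets a LibreLogo script: the CVE-2019-9848 pattern."""
    return any(href.startswith(SCRIPT_SCHEME) and "librelogo" in href.lower()
               for _, href in script_listeners(odf_bytes))


def make_odt(listener_xml):
    """Build a minimal constructed ODT package in memory (not a file produced by LibreOffice)."""
    content = ('<office:document-content xmlns:office="%s" xmlns:script="%s" xmlns:xlink="%s">'
               "<office:scripts><office:event-listeners>%s</office:event-listeners>"
               "</office:scripts></office:document-content>"
               % (NS_OFFICE, NS_SCRIPT, NS_XLINK, listener_xml))
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as pkg:
        pkg.writestr("mimetype", "application/vnd.oasis.opendocument.text")
        pkg.writestr("content.xml", content)
    return buf.getvalue()


# Constructed samples: a benign document and one whose mouse-over handler points at LibreLogo.
BENIGN_ODT = make_odt("")
SUSPICIOUS_ODT = make_odt(
    '<script:event-listener script:language="ooo:script" script:event-name="dom:mouseover" '
    'xlink:href="vnd.sun.star.script:LibreLogo.LibreLogo.run?language=Python&amp;location=share"/>')
```

Running `script_listeners` over inbound documents at a mail or upload gateway gives a cheap triage signal independent of the LibreOffice version installed on endpoints.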
LibreOffice has a ‘stealth mode’ in which only documents from locations
deemed ‘trusted’ are allowed to retrieve remote resources. This mode is
not the default mode, but can be enabled by users who want to disable
LibreOffice’s ability to include remote resources within a document. A
flaw existed where bullet graphics were omitted from this protection
prior to version 6.2.5.
A remote attacker is able to execute arbitrary commands via a specially
crafted document or disclose bullet graphics from locations which
should be hidden when ‘stealth mode’ is enabled.
https://security.archlinux.org/CVE-2019-9848
https://security.archlinux.org/CVE-2019-9849
https://www.libreoffice.org/about-us/security/advisories/cve-2019-9848
https://github.com/LibreOffice/core/commit/5d47b7b3f6a134037f1f3d8c018505244d7be484
https://github.com/LibreOffice/core/commit/3dd024a28a98a9d4b4efc3c7ec6acaa94d2b25fd
https://www.libreoffice.org/about-us/security/advisories/cve-2019-9849
OS | OS Version | Architecture | Package | Package Version | Filename
---|---|---|---|---|---
ArchLinux | any | any | libreoffice-still | < 6.2.6-1 | UNKNOWN