5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.593 Medium
EPSS
Percentile
97.8%
LibreOffice is a powerful office suite; its clean interface and powerful tools let you unleash your creativity and grow your productivity.
It was discovered that missing restrictions in the implementation of the WEBSERVICE function in LibreOffice could result in the disclosure of arbitrary files.
A remote attacker could entice a user to open a specially crafted document using LibreOffice, possibly resulting in the disclosure of arbitrary files readable by the victim.
There is no known workaround at this time.
All LibreOffice users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-office/libreoffice-5.4.5.1"
All LibreOffice binary users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose
">=app-office/libreoffice-bin-5.4.5.1"
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Gentoo | any | all | app-office/libreoffice | < 5.4.5.1 | UNKNOWN |
Gentoo | any | all | app-office/libreoffice-bin | < 5.4.5.1 | UNKNOWN |
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.593 Medium
EPSS
Percentile
97.8%