CVSS2: 7.5 High
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3: 9.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS: 0.971 High
Percentile: 99.8%

LibreOffice is typically bundled with LibreLogo, a programmable turtle
vector graphics script, which can execute arbitrary Python commands
contained within the document it is launched from. Protection was added, to
address CVE-2019-9848, to block calling LibreLogo from document event
script handlers, e.g. mouse over. However, LibreOffice also has a separate
feature where documents can specify that pre-installed scripts can be
executed on various global script events such as document-open, etc. In the
fixed versions, global script event handlers are validated equivalently to
document script event handlers. This issue affects: Document Foundation
LibreOffice versions prior to 6.2.6.

OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | libreoffice | < 1:6.0.7-0ubuntu0.18.04.9 | UNKNOWN |
ubuntu | 19.04 | noarch | libreoffice | < 1:6.2.6-0ubuntu0.19.04.1 | UNKNOWN |
ubuntu | 16.04 | noarch | libreoffice | < 1:5.1.6~rc2-0ubuntu1~xenial9 | UNKNOWN |
launchpad.net/bugs/cve/CVE-2019-9851
nvd.nist.gov/vuln/detail/CVE-2019-9851
seclists.org/bugtraq/2019/Aug/28
security-tracker.debian.org/tracker/CVE-2019-9851
ubuntu.com/security/notices/USN-4102-1
www.cve.org/CVERecord?id=CVE-2019-9851
www.libreoffice.org/about-us/security/advisories/CVE-2019-9851
www.libreoffice.org/about-us/security/advisories/cve-2019-9851/