Showing 1 - 4 of 4

CVE-2019-9848

Status Candidate

Overview

LibreOffice has a feature where documents can specify that pre-installed scripts can be executed on various document events such as mouse-over, etc. LibreOffice is typically also bundled with LibreLogo, a programmable turtle vector graphics script, which can be manipulated into executing arbitrary python commands. By using the document event feature to trigger LibreLogo to execute python contained within a document a malicious document could be constructed which would execute arbitrary python commands silently without warning. In the fixed versions, LibreLogo cannot be called from a document event handler. This issue affects: Document Foundation LibreOffice versions prior to 6.2.5.

Related Files

Red Hat Security Advisory 2020-1151-01: Posted Apr 1, 2020; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2020-1151-01 - LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and extended office suite. Issues addressed include code execution and script execution vulnerabilities.; tags | advisory, vulnerability, code execution; systems | linux, redhat; advisories | CVE-2019-9848, CVE-2019-9849, CVE-2019-9850, CVE-2019-9851, CVE-2019-9852, CVE-2019-9853, CVE-2019-9854; SHA-256 | 145184bdec8feb94e483fddfa0200c2069b777342feddd59c9da24d012ba93d3; Download | Favorite | View

Gentoo Linux Security Advisory 201908-13: Posted Aug 15, 2019; Authored by Gentoo | Site security.gentoo.org; Gentoo Linux Security Advisory 201908-13 - Multiple vulnerabilities have been found in LibreOffice, the worst of which could result in the arbitrary execution of code. Versions less than 6.2.5.2 are affected.; tags | advisory, arbitrary, vulnerability; systems | linux, gentoo; advisories | CVE-2019-9848, CVE-2019-9849; SHA-256 | 8f091f7544a0f105ddae541f4832675af1ebbd257efb5837882ad961754f78ad; Download | Favorite | View

Ubuntu Security Notice USN-4063-1: Posted Jul 17, 2019; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 4063-1 - Nils Emmerich discovered that LibreOffice incorrectly handled LibreLogo scripts. If a user were tricked into opening a specially crafted document, a remote attacker could cause LibreOffice to execute arbitrary code. Matei "Mal" Badanoiu discovered that LibreOffice incorrectly handled stealth mode. Contrary to expectations, bullet graphics could be retrieved from remote locations when running in stealth mode. Various other issues were also addressed.; tags | advisory, remote, arbitrary; systems | linux, ubuntu; advisories | CVE-2019-9848, CVE-2019-9849; SHA-256 | 4db3e45df385892f287ef9e4bf4646f8c5b32fd37f24ce860e8e033f281ad717; Download | Favorite | View

Debian Security Advisory 4483-1: Posted Jul 17, 2019; Authored by Debian | Site debian.org; Debian Linux Security Advisory 4483-1 - Two security issues have been discovered in LibreOffice.; tags | advisory; systems | linux, debian; advisories | CVE-2019-9848, CVE-2019-9849; SHA-256 | 42524692833f927f1202932a01bdc9b9b6fdff456b3c05206acca9a4a24095c1; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 210 files
Ubuntu 64 files
Debian 27 files
LiquidWorm 11 files
Valentin Lobstein 11 files
nu11secur1ty 8 files
Apple 6 files
Google Security Research 5 files
Ersin Erenler 4 files
E1.Coders 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,014)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,227)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,501)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,439)
UNIX (9,391)
UnixWare (187)
Windows (6,649)
Other

CVE-2019-9848

Overview

Related Files

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems