CVE - CVE-2019-9848

CVE-ID
CVE-2019-9848	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
LibreOffice has a feature where documents can specify that pre-installed scripts can be executed on various document events such as mouse-over, etc. LibreOffice is typically also bundled with LibreLogo, a programmable turtle vector graphics script, which can be manipulated into executing arbitrary python commands. By using the document event feature to trigger LibreLogo to execute python contained within a document a malicious document could be constructed which would execute arbitrary python commands silently without warning. In the fixed versions, LibreLogo cannot be called from a document event handler. This issue affects: Document Foundation LibreOffice versions prior to 6.2.5.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BID:109374 URL:http://www.securityfocus.com/bid/109374 BUGTRAQ:20190815 [SECURITY] [DSA 4501-1] libreoffice security update URL:https://seclists.org/bugtraq/2019/Aug/28 CONFIRM:https://www.libreoffice.org/about-us/security/advisories/CVE-2019-9848 FEDORA:FEDORA-2019-2fe22a3a2c URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PMEGUWMWORC3DOVEHVXLFT3A5RSCMLBH/ FEDORA:FEDORA-2019-5561d20558 URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XPTZJCNN52VNGSVC5DFKVW3EDMRDWKMP/ GENTOO:GLSA-201908-13 URL:https://security.gentoo.org/glsa/201908-13 MLIST:[debian-lts-announce] 20191006 [SECURITY] [DLA 1947-1] libreoffice security update URL:https://lists.debian.org/debian-lts-announce/2019/10/msg00005.html SUSE:openSUSE-SU-2019:2057 URL:http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00006.html SUSE:openSUSE-SU-2019:2183 URL:http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00067.html UBUNTU:USN-4063-1 URL:https://usn.ubuntu.com/4063-1/
Assigning CNA
The Document Foundation
Date Record Created
20190317	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20190317)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)