CVE-2019-9854

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2019-9854

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-9854.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2019-9854

Related

Published

2019-09-06T19:15:11Z

Modified

2024-09-18T03:15:20.922897Z

Severity

7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

LibreOffice has a feature where documents can specify that pre-installed macros can be executed on various script events such as mouse-over, document-open etc. Access is intended to be restricted to scripts under the share/Scripts/python, user/Scripts/python sub-directories of the LibreOffice install. Protection was added, to address CVE-2019-9852, to avoid a directory traversal attack where scripts in arbitrary locations on the file system could be executed by employing a URL encoding attack to defeat the path verification step. However this protection could be bypassed by taking advantage of a flaw in how LibreOffice assembled the final script URL location directly from components of the passed in path as opposed to solely from the sanitized output of the path verification step. This issue affects: Document Foundation LibreOffice 6.2 versions prior to 6.2.7; 6.3 versions prior to 6.3.1.

References

Affected packages

Debian:11 / libreoffice

Package

Name: libreoffice
Purl: pkg:deb/debian/libreoffice?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:6.3.1~rc2-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / libreoffice

Package

Name: libreoffice
Purl: pkg:deb/debian/libreoffice?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:6.3.1~rc2-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / libreoffice

Package

Name: libreoffice
Purl: pkg:deb/debian/libreoffice?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:6.3.1~rc2-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/libreoffice/core

Affected ranges

Type: GIT
Repo: https://github.com/libreoffice/core
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

a7004eb475ad8836d2e5c783805e32323b86cbe6

Affected versions

CODE-4.*

CODE-4.2.0-1

CODE-4.2.0-2

CODE-4.2.0-3

CODE-4.2.0-4

CP-Android-iOS-4.*

CP-Android-iOS-4.2.0

Other

MELD_LIBREOFFICE_REPOS

libreoffice-3-5-branch-point

libreoffice-3-6-branch-point

libreoffice-4-0-branch-point

libreoffice-4-1-branch-point

libreoffice-4-2-branch-point

libreoffice-4-2-milestone-1

libreoffice-4-3-branch-point

libreoffice-4-4-branch-point

libreoffice-5-0-branch-point

libreoffice-5-1-branch-point

libreoffice-5-2-branch-point

libreoffice-5-3-branch-point

libreoffice-5-4-branch-point

libreoffice-6-0-branch-point

libreoffice-6-1-branch-point

libreoffice-6-2-branch-point

windows_build_successful_2011_11_08

calc_libreoffice-3.*

calc_libreoffice-3.4.2.2-buildfix1

co-6.*

co-6.2-1

co-6.2-2

cp-6.*

cp-6.2-3

cp-6.2-4

cp-6.2-5

cp-6.2-branch-point

gpg4libre-review-5.*

gpg4libre-review-5.4.99

libreoffice-3.*

libreoffice-3.5.0.0

libs-extern-sys_libreoffice-3.*

libs-extern-sys_libreoffice-3.4.2.2-buildfix1

libs-extern_libreoffice-3.*

libs-extern_libreoffice-3.4.2.2-buildfix1

sdremote-2.*

sdremote-2.0.0

testing_libreoffice-3.*

testing_libreoffice-3.3.99.4-hotfixes1