1. CVE-Search
  2. CVE-2019-9855
ID CVE-2019-9855
Summary LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from. LibreOffice also has a feature where documents can specify that pre-installed scripts can be executed on various document script events such as mouse-over, etc. Protection was added to block calling LibreLogo from script event handers. However a Windows 8.3 path equivalence handling flaw left LibreOffice vulnerable under Windows that a document could trigger executing LibreLogo via a Windows filename pseudonym. This issue affects: Document Foundation LibreOffice 6.2 versions prior to 6.2.7; 6.3 versions prior to 6.3.1.
References
Vulnerable Configurations
  • cpe:2.3:a:libreoffice:libreoffice:6.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:libreoffice:libreoffice:6.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:libreoffice:libreoffice:6.2.0.0:alpha1:*:*:*:*:*:*
    cpe:2.3:a:libreoffice:libreoffice:6.2.0.0:alpha1:*:*:*:*:*:*
  • cpe:2.3:a:libreoffice:libreoffice:6.2.0.0:beta1:*:*:*:*:*:*
    cpe:2.3:a:libreoffice:libreoffice:6.2.0.0:beta1:*:*:*:*:*:*
  • cpe:2.3:a:libreoffice:libreoffice:6.2.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:libreoffice:libreoffice:6.2.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:libreoffice:libreoffice:6.2.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:libreoffice:libreoffice:6.2.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:libreoffice:libreoffice:6.2.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:libreoffice:libreoffice:6.2.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:libreoffice:libreoffice:6.2.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:libreoffice:libreoffice:6.2.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:libreoffice:libreoffice:6.2.1.2:*:*:*:*:*:*:*
    cpe:2.3:a:libreoffice:libreoffice:6.2.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:libreoffice:libreoffice:6.2.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:libreoffice:libreoffice:6.2.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:libreoffice:libreoffice:6.2.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:libreoffice:libreoffice:6.2.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:libreoffice:libreoffice:6.2.3:*:*:*:*:*:*:*
    cpe:2.3:a:libreoffice:libreoffice:6.2.3:*:*:*:*:*:*:*
  • cpe:2.3:a:libreoffice:libreoffice:6.2.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:libreoffice:libreoffice:6.2.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:libreoffice:libreoffice:6.2.3.2:*:*:*:*:*:*:*
    cpe:2.3:a:libreoffice:libreoffice:6.2.3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:libreoffice:libreoffice:6.2.4:*:*:*:*:*:*:*
    cpe:2.3:a:libreoffice:libreoffice:6.2.4:*:*:*:*:*:*:*
  • cpe:2.3:a:libreoffice:libreoffice:6.2.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:libreoffice:libreoffice:6.2.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:libreoffice:libreoffice:6.2.4.2:*:*:*:*:*:*:*
    cpe:2.3:a:libreoffice:libreoffice:6.2.4.2:*:*:*:*:*:*:*
  • cpe:2.3:a:libreoffice:libreoffice:6.2.5:*:*:*:*:*:*:*
    cpe:2.3:a:libreoffice:libreoffice:6.2.5:*:*:*:*:*:*:*
  • cpe:2.3:a:libreoffice:libreoffice:6.2.6:*:*:*:*:*:*:*
    cpe:2.3:a:libreoffice:libreoffice:6.2.6:*:*:*:*:*:*:*
  • cpe:2.3:a:libreoffice:libreoffice:6.3.0:*:*:*:*:*:*:*
    cpe:2.3:a:libreoffice:libreoffice:6.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:libreoffice:libreoffice:6.3.0:-:*:*:*:*:*:*
    cpe:2.3:a:libreoffice:libreoffice:6.3.0:-:*:*:*:*:*:*
  • cpe:2.3:a:libreoffice:libreoffice:6.3.0.0:alpha1:*:*:*:*:*:*
    cpe:2.3:a:libreoffice:libreoffice:6.3.0.0:alpha1:*:*:*:*:*:*
  • cpe:2.3:a:libreoffice:libreoffice:6.3.0.0:beta1:*:*:*:*:*:*
    cpe:2.3:a:libreoffice:libreoffice:6.3.0.0:beta1:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
  • cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*
    cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*
  • cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
    cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 14-10-2022 - 02:55)
Impact:
Exploitability:
CWE CWE-417
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
refmap via4
confirm https://www.libreoffice.org/about-us/security/advisories/CVE-2019-9855/
suse
  • openSUSE-SU-2019:2183
  • openSUSE-SU-2019:2361
Last major update 14-10-2022 - 02:55
Published 06-09-2019 - 19:15
Last modified 14-10-2022 - 02:55
Back to Top