Impact: Low Public Date: 2019-08-05 CWE: CWE-200 Bugzilla: 1737421: CVE-2019-9849 libreoffice: remote resources protection module not applied to bullet graphics LibreOffice has a 'stealth mode' in which only documents from locations deemed 'trusted' are allowed to retrieve remote resources. This mode is not the default mode, but can be enabled by users who want to disable LibreOffice's ability to include remote resources within a document. A flaw existed where bullet graphics were omitted from this protection prior to version 6.2.5. This issue affects: Document Foundation LibreOffice versions prior to 6.2.5.
The MITRE CVE dictionary describes this issue as:
Find out more about CVE-2019-9849 from the MITRE CVE dictionary dictionary and NIST NVD.
NOTE: The following CVSS v3 metrics and score provided are preliminary and subject to review.
CVSS3 Base Score | 4.3 |
---|---|
CVSS3 Base Metrics | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
Attack Vector | Network |
Attack Complexity | Low |
Privileges Required | Low |
User Interaction | None |
Scope | Unchanged |
Confidentiality | Low |
Integrity Impact | None |
Availability Impact | None |
Platform | Package | State |
---|---|---|
Red Hat Enterprise Linux 8 | libreoffice | Under investigation |
Red Hat Enterprise Linux 7 | libreoffice | Under investigation |
Red Hat Enterprise Linux 6 | libreoffice | Under investigation |