Published: 15/08/2019 Updated: 07/11/2023

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 755

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from. Protection was added, to address CVE-2019-9848, to block calling LibreLogo from document event script handers, e.g. mouse over. However LibreOffice also has a separate feature where documents can specify that pre-installed scripts can be executed on various global script events such as document-open, etc. In the fixed versions, global script event handlers are validated equivalently to document script event handlers. This issue affects: Document Foundation LibreOffice versions before 6.2.6.

Vulnerable Product	Search on Vulmon	Subscribe to Product
debian debian linux 8.0
debian debian linux 9.0
debian debian linux 10.0
canonical ubuntu linux 18.04
opensuse leap 15.0
canonical ubuntu linux 19.04
fedoraproject fedora 29
opensuse leap 15.1
canonical ubuntu linux 16.04
libreoffice libreoffice

Several security issues were fixed in LibreOffice ...

It was discovered that the code fixes to address CVE-2018-16858 and CVE-2019-9848 were not complete For the oldstable distribution (stretch), these problems have been fixed in version 1:527-1+deb9u10 For the stable distribution (buster), these problems have been fixed in version 1:615-3+deb10u3 We recommend that you upgrade your libreoffice ...

LibreOffice has a feature where documents can specify that pre-installed scripts can be executed on various document events such as mouse-over, etc LibreOffice is typically also bundled with LibreLogo, a programmable turtle vector graphics script, which can be manipulated into executing arbitrary python commands By using the document event featur ...

Impact: Moderate Public Date: 2019-08-15 CWE: CWE-94 Bugzilla: 1744866: CVE-2019-9851 libreoffice: Lib ...

## # This module requires Metasploit: metasploitcom/download # Current source: githubcom/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::FILEFORMAT def initialize(info = {}) super(update_info(info, 'Name' => 'LibreOffice Mac ...

A Vulnerable dockerfile for containerizing a university business.

Vulnerable Dockerfile A vulnerable Dockerfile for containerizing a university business This Dockerfile consists of Docker XML files for ease of use, readily deployable on your own environment Hosting an FTP server, a vulnerable SSH service and an insecure website Vulnerabilities include: wwwcvedetailscom/cve/CVE-2018-1000300/ wwwcvedetailscom/cve/CVE-20

CWE-20 https://www.libreoffice.org/about-us/security/advisories/CVE-2019-9851 https://seclists.org/bugtraq/2019/Aug/28 https://www.debian.org/security/2019/dsa-4501 http://packetstormsecurity.com/files/154168/LibreOffice-Macro-Python-Code-Execution.html https://usn.ubuntu.com/4102-1/http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00067.html https://lists.debian.org/debian-lts-announce/2019/10/msg00005.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PMEGUWMWORC3DOVEHVXLFT3A5RSCMLBH/https://usn.ubuntu.com/4102-1/https://nvd.nist.gov https://www.exploit-db.com/exploits/47298

CVE-2019-9851

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Exploits

Github Repositories

References

Vulmon Search

About

Products

Connect