Main Vulnerability Database Vulnerabilities #VU17362

#VU17362 Path traversal in LibreOffice - CVE-2018-16858

Published: February 4, 2019 / Updated: June 17, 2021

Vulnerability identifier: #VU17362

Vulnerability risk: High

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Amber

CVE-ID: CVE-2018-16858

CWE-ID: CWE-22

Exploitation vector: Remote access

Exploit availability: The vulnerability is being exploited in the wild

Vulnerable software:
LibreOffice

Software vendor:
LibreOffice

Description

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to input validation error. A remote attacker can trick the victim into opening a specially crafted Office file, conduct path traversal attack and execute a python method from a script in any arbitrary file system location

Remediation

The vulnerability has been addressed in the versions 6.0.7, 6.1.3.

External links

https://www.libreoffice.org/about-us/security/advisories/cve-2018-16858/

#VU17362 Path traversal in LibreOffice - CVE-2018-16858

Description

Remediation

External links

Please verify you're human