Security restrictions bypass in LibreOffice - CVE-2019-9849

 


Published: July 17, 2019


Vulnerability identifier: #VU19225
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2019-9849
CWE-ID: CWE-264
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: LibreOffice
Affected software:
LibreOffice

Detailed vulnerability description

The vulnerability allows a remote attacker to bypass certain security restrictions.

The vulnerability exists due to an incorrect implementation of the stealth mode feature, which is intended as an additional level of security that allows online content to be retrieved into a document from trusted resources only. A remote attacker can create a specially crafted document with bullet graphics, bypass the intended security restrictions, and make the application retrieve data from arbitrary external sources.
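A triage check for the document feature named above, added here as an example and not taken from the advisory or from LibreOffice: it lists bullet graphics in an ODF file that reference anything outside the package. It assumes the bullet graphic is expressed with the ODF `text:list-level-style-image` element and its `xlink:href` attribute (the advisory does not name the element); the function names, size cap and sample URL are constructed for illustration.

```python
import io
import zipfile
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Namespaces from the OpenDocument specification.
TEXT_NS = "urn:oasis:names:tc:opendocument:xmlns:text:1.0"
XLINK_NS = "http://www.w3.org/1999/xlink"
BULLET_IMAGE = f"{{{TEXT_NS}}}list-level-style-image"  # assumed relevant element
HREF = f"{{{XLINK_NS}}}href"
PARTS = ("content.xml", "styles.xml")  # list styles can live in either part
MAX_PART_BYTES = 50 * 1024 * 1024      # assumed cap against decompression bombs


def external_bullet_images(odf_bytes):
    """Return sorted (part, href) pairs for bullet images not stored in the package."""
    findings = set()
    with zipfile.ZipFile(io.BytesIO(odf_bytes)) as pkg:
        for part in PARTS:
            if part not in pkg.namelist():
                continue
            if pkg.getinfo(part).file_size > MAX_PART_BYTES:
                raise ValueError(f"{part} is too large to scan safely")
            data = pkg.read(part)
            if b"<!DOCTYPE" in data:  # ODF parts are not expected to carry a DTD
                raise ValueError(f"{part} declares a DOCTYPE")
            for elem in ET.fromstring(data).iter(BULLET_IMAGE):
                href = elem.get(HREF, "")
                target = urlparse(href)
                # Package-relative paths such as "Pictures/b.png" have no scheme
                # or host; everything else resolves outside the document.
                if target.scheme or target.netloc or href.startswith(("/", "..")):
                    findings.add((part, href))
    return sorted(findings)


def build_sample(href):
    """Constructed test input: a zip with only a styles.xml fragment, not an openable document."""
    xml = ('<office:document-styles '
           'xmlns:office="urn:oasis:names:tc:opendocument:xmlns:office:1.0" '
           f'xmlns:text="{TEXT_NS}" xmlns:xlink="{XLINK_NS}">'
           '<office:styles><text:list-style>'
           f'<text:list-level-style-image text:level="1" xlink:href="{href}"/>'
           '</text:list-style></office:styles></office:document-styles>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as pkg:
        pkg.writestr("styles.xml", xml)
    return buf.getvalue()
```

A non-empty result marks a document worth holding for review before it is opened in an unpatched installation; an empty result says nothing about other kinds of linked content.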


How to mitigate CVE-2019-9849

Install updates from vendor's website.
