Main Vulnerability Database Vulnerabilities #VU53333

Security features bypass in LibreOffice - CVE-2021-25632

Published: May 18, 2021

Vulnerability identifier: #VU53333

CSH Severity: High

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2021-25632

CWE-ID: CWE-254

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
LibreOffice

Software vendor:
LibreOffice

Description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to improper input validation when processing hyperlinks in a document. A remote attacker can create a document with a specially crafted hyperlink, trick the victim into clicking the link, bypass implemented restrictions on extensions imposed by the denylist and execute arbitrary commands on the system.

Note, the vulnerability affects macOS installations only.

Remediation

Install updates from vendor's website.

External links

https://www.libreoffice.org/about-us/security/advisories/cve-2021-25632/

Security features bypass in LibreOffice - CVE-2021-25632

Description

Remediation

External links

Please verify you're human