Main Vulnerability Database Vulnerabilities #VU19225

#VU19225 Security restrictions bypass in LibreOffice - CVE-2019-9849

Published: July 17, 2019

Vulnerability identifier: #VU19225

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2019-9849

CWE-ID: CWE-264

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
LibreOffice

Software vendor:
LibreOffice

Description

The vulnerability allows a remote attacker to bypass certain security restrictions.

The vulnerability exists due to incorrect implementation of stealth mode feature, intended as an additional level of security that allows to retrieve online content into document from trusted resources only. A remote attacker can create a specially crafted document with bullet graphics, bypass the intended security restrictions and make the application retrieve data from arbitrary external sources.

Remediation

Install updates from vendor's website.

External links

https://www.libreoffice.org/about-us/security/advisories/cve-2019-9849/

#VU19225 Security restrictions bypass in LibreOffice - CVE-2019-9849

Description

Remediation

External links

Please verify you're human