Main Vulnerability Database Vulnerabilities #VU28800

#VU28800 Input validation error in LibreOffice - CVE-2020-12803

Published: June 9, 2020

Vulnerability identifier: #VU28800

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2020-12803

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
LibreOffice

Software vendor:
LibreOffice

Description

The vulnerability allows a remote attacker to overwrite arbitrary files on the system.

The vulnerability exists due to insufficient validation of user-supplied input when processing submittable forms in ODF documents. LibreOffice allows to submit data to forms, available via the file:// URI. A remote attacker can create a specially crafted form, trick the victim into submitting it and overwrite arbitrary files on the system with privileges of the current user.

Remediation

Install updates from vendor's website.

External links

https://www.libreoffice.org/about-us/security/advisories/CVE-2020-12803

#VU28800 Input validation error in LibreOffice - CVE-2020-12803

Description

Remediation

External links

Please verify you're human