Main Vulnerability Database Vulnerabilities #VU68115

#VU68115 Command Injection in LibreOffice - CVE-2022-3140

Published: October 11, 2022 / Updated: October 25, 2022

Vulnerability identifier: #VU68115

Vulnerability risk: High

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2022-3140

CWE-ID: CWE-77

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
LibreOffice

Software vendor:
LibreOffice

Description

The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.

The vulnerability exists due to improper input validation when parsing arguments for the "vnd.libreoffice.command'" URI scheme. A remote attacker can create a specially crafted document, trick the victim into opening it and execute internal macros with arbitrary arguments.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Remediation

Install updates from vendor's website.

#VU68115 Command Injection in LibreOffice - CVE-2022-3140

Description

Remediation

External links