Vuln: LibreOffice Remote Code Execution and Unauthorized Access Vulnerabilities



LibreOffice is prone to a remote code-execution vulnerability and unauthorized-access vulnerability.

Attackers can exploit these issues to execute arbitrary code in the context of the user running the affected application and gain unauthorized access and perform malicious actions. Failed exploit attempts may result in a denial-of-service condition.

LibreOffice versions prior to 6.2.5 are vulnerable.
exploit



Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: vuldb@securityfocus.com.
solution



Solution:
Updates are available. Please see the references or vendor advisory for more information.

info



Bugtraq ID:109374
Class:Unknown
CVE:CVE-2019-9848
CVE-2019-9849
Remote:Yes
Local:No
Published:Jul 26 2019 12:00AM
Updated:Jul 26 2019 12:00AM
Credit:Nils Emmerich of ERNW Research GmbH and Matei "Mal" Badanoiu
Vulnerable:Ubuntu Ubuntu Linux 19.04
Ubuntu Ubuntu Linux 18.04 LTS
Ubuntu Ubuntu Linux 16.04 LTS
LibreOffice LibreOffice 6.2.1
LibreOffice LibreOffice 6.2
LibreOffice LibreOffice 6.1.6
LibreOffice LibreOffice 6.1.5
LibreOffice LibreOffice 6.1.4
LibreOffice LibreOffice 6.1.3
LibreOffice LibreOffice 6.1.2
LibreOffice LibreOffice 6.1
LibreOffice LibreOffice 6.0.7
LibreOffice LibreOffice 6.0.6
LibreOffice LibreOffice 6.0.5
LibreOffice LibreOffice 6.0.4
LibreOffice LibreOffice 6.0.3
LibreOffice LibreOffice 6.0.2
LibreOffice LibreOffice 6.0.1
LibreOffice LibreOffice 5.2
LibreOffice LibreOffice 5.1.4
LibreOffice LibreOffice 5.1.3
LibreOffice LibreOffice 5.1.2
LibreOffice LibreOffice 5.1.1
LibreOffice LibreOffice 5.1
LibreOffice LibreOffice 5.0.4
LibreOffice LibreOffice 5.0
LibreOffice LibreOffice 4.4.6
LibreOffice LibreOffice 4.4.5
LibreOffice LibreOffice 4.4.4
LibreOffice LibreOffice 4.4
LibreOffice LibreOffice 4.2.3
LibreOffice LibreOffice 6.1
LibreOffice LibreOffice 4.4.0-beta2
LibreOffice LibreOffice 4.3.5
LibreOffice LibreOffice 4.3.4
LibreOffice LibreOffice 4.3.3.2
LibreOffice LibreOffice 4.3.3
LibreOffice LibreOffice 4.3.2
LibreOffice LibreOffice 4.3.0
LibreOffice LibreOffice 4.2.7
LibreOffice LibreOffice 4.2.6
LibreOffice LibreOffice 4.2.4
LibreOffice LibreOffice 4.2.0
LibreOffice LibreOffice 4.1.5
LibreOffice LibreOffice 4.0.1.2
LibreOffice LibreOffice 4.0.0.3
LibreOffice LibreOffice 4.0.0
LibreOffice LibreOffice 3.6.5.2
LibreOffice LibreOffice 3.6.1
LibreOffice LibreOffice 3.6.0
LibreOffice LibreOffice 3.5.7.2
LibreOffice LibreOffice 3.5.7
LibreOffice LibreOffice 3.5.5.3
LibreOffice LibreOffice 3.5.5
Not Vulnerable:LibreOffice LibreOffice 6.2.5
references



from SecurityFocus Vulnerabilities https://ift.tt/2SG6x3I