fkie_cve-2019-9848
Vulnerability from fkie_nvd
Published
2019-07-17 12:15
Modified
2024-11-21 04:52
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
LibreOffice has a feature where documents can specify that pre-installed scripts can be executed on various document events such as mouse-over, etc. LibreOffice is typically also bundled with LibreLogo, a programmable turtle vector graphics script, which can be manipulated into executing arbitrary python commands. By using the document event feature to trigger LibreLogo to execute python contained within a document a malicious document could be constructed which would execute arbitrary python commands silently without warning. In the fixed versions, LibreLogo cannot be called from a document event handler. This issue affects: Document Foundation LibreOffice versions prior to 6.2.5.
References
security@documentfoundation.orghttp://lists.opensuse.org/opensuse-security-announce/2019-09/msg00006.htmlMailing List, Third Party Advisory
security@documentfoundation.orghttp://lists.opensuse.org/opensuse-security-announce/2019-09/msg00067.htmlMailing List, Third Party Advisory
security@documentfoundation.orghttp://www.securityfocus.com/bid/109374Broken Link
security@documentfoundation.orghttps://lists.debian.org/debian-lts-announce/2019/10/msg00005.htmlMailing List, Third Party Advisory
security@documentfoundation.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PMEGUWMWORC3DOVEHVXLFT3A5RSCMLBH/
security@documentfoundation.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XPTZJCNN52VNGSVC5DFKVW3EDMRDWKMP/
security@documentfoundation.orghttps://seclists.org/bugtraq/2019/Aug/28Mailing List, Third Party Advisory
security@documentfoundation.orghttps://security.gentoo.org/glsa/201908-13Third Party Advisory
security@documentfoundation.orghttps://usn.ubuntu.com/4063-1/Third Party Advisory
security@documentfoundation.orghttps://www.libreoffice.org/about-us/security/advisories/CVE-2019-9848Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00006.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00067.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/109374Broken Link
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2019/10/msg00005.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PMEGUWMWORC3DOVEHVXLFT3A5RSCMLBH/
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XPTZJCNN52VNGSVC5DFKVW3EDMRDWKMP/
af854a3a-2127-422b-91ae-364da2661108https://seclists.org/bugtraq/2019/Aug/28Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/201908-13Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/4063-1/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.libreoffice.org/about-us/security/advisories/CVE-2019-9848Vendor Advisory
Impacted products
Vendor Product Version
libreoffice libreoffice *
canonical ubuntu_linux 16.04
canonical ubuntu_linux 18.04
canonical ubuntu_linux 19.04
fedoraproject fedora 29
fedoraproject fedora 30
debian debian_linux 8.0
opensuse leap 15.0
opensuse leap 15.1


To clipboard 

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:libreoffice:libreoffice:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "EA10AA1D-3A0A-43B1-9556-BBC53865B5A6",
                     versionEndExcluding: "6.2.5",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
                     matchCriteriaId: "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
                     matchCriteriaId: "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*",
                     matchCriteriaId: "CD783B0C-9246-47D9-A937-6144FE8BFF0F",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*",
                     matchCriteriaId: "D100F7CE-FC64-4CC6-852A-6136D72DA419",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
                     matchCriteriaId: "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "F1E78106-58E6-4D59-990F-75DA575BFAD9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "LibreOffice has a feature where documents can specify that pre-installed scripts can be executed on various document events such as mouse-over, etc. LibreOffice is typically also bundled with LibreLogo, a programmable turtle vector graphics script, which can be manipulated into executing arbitrary python commands. By using the document event feature to trigger LibreLogo to execute python contained within a document a malicious document could be constructed which would execute arbitrary python commands silently without warning. In the fixed versions, LibreLogo cannot be called from a document event handler. This issue affects: Document Foundation LibreOffice versions prior to 6.2.5.",
      },
      {
         lang: "es",
         value: "LibreOffice presenta una funcionalidad donde los documentos pueden especificar que los scripts preinstalados pueden ser ejecutados en varios eventos de documentos, tal como el mouse-over, etc. Por lo general, LibreOffice también se incluye con LibreLogo, un script de gráficos vectoriales turtle programables, que puede ser manipulado para ejecutar comandos de python arbitrarios. Mediante el uso de la funcionalidad document event para activar LibreLogo para ejecutar python contenido en un documento, podría ser construido un documento malicioso que ejecutaría comandos de python arbitrarios en silencio sin avisar. En las versiones corregidas, LibreLogo no puede ser llamado desde un controlador de eventos de documento. Este problema afecta: las versiones de LibreOffice anteriores a 6.2.5, de Document Foundation.",
      },
   ],
   id: "CVE-2019-9848",
   lastModified: "2024-11-21T04:52:25.910",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 7.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 9.8,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2019-07-17T12:15:10.770",
   references: [
      {
         source: "security@documentfoundation.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00006.html",
      },
      {
         source: "security@documentfoundation.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00067.html",
      },
      {
         source: "security@documentfoundation.org",
         tags: [
            "Broken Link",
         ],
         url: "http://www.securityfocus.com/bid/109374",
      },
      {
         source: "security@documentfoundation.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2019/10/msg00005.html",
      },
      {
         source: "security@documentfoundation.org",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PMEGUWMWORC3DOVEHVXLFT3A5RSCMLBH/",
      },
      {
         source: "security@documentfoundation.org",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XPTZJCNN52VNGSVC5DFKVW3EDMRDWKMP/",
      },
      {
         source: "security@documentfoundation.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://seclists.org/bugtraq/2019/Aug/28",
      },
      {
         source: "security@documentfoundation.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.gentoo.org/glsa/201908-13",
      },
      {
         source: "security@documentfoundation.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://usn.ubuntu.com/4063-1/",
      },
      {
         source: "security@documentfoundation.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.libreoffice.org/about-us/security/advisories/CVE-2019-9848",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00006.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00067.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
         ],
         url: "http://www.securityfocus.com/bid/109374",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2019/10/msg00005.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PMEGUWMWORC3DOVEHVXLFT3A5RSCMLBH/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XPTZJCNN52VNGSVC5DFKVW3EDMRDWKMP/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://seclists.org/bugtraq/2019/Aug/28",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.gentoo.org/glsa/201908-13",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://usn.ubuntu.com/4063-1/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.libreoffice.org/about-us/security/advisories/CVE-2019-9848",
      },
   ],
   sourceIdentifier: "security@documentfoundation.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-94",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}


Log in or create an account to share your comment.

Security Advisory comment format.

This schema specifies the format of a comment related to a security advisory.

UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).



Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.