CVE-2019-9849
MEDIUM severity · CVSS 4.3
4.3CVSS MEDIUM
Summary
LibreOffice has a 'stealth mode' in which only documents from locations deemed 'trusted' are allowed to retrieve remote resources. This mode is not the default mode, but can be enabled by users who want to disable LibreOffice's ability to include remote resources within a document. A flaw existed where bullet graphics were omitted from this protection prior to version 6.2.5. This issue affects: Document Foundation LibreOffice versions prior to 6.2.5.
Impact & exploitability
Attack vectorNetwork
Attack complexityLow
Privileges requiredLow
User interactionNone
Confidentiality impactLow
Integrity impactNone
Availability impactNone
Exploit probability (EPSS)3%
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Affected products we track (1)
Recommendation
Apply the vendor fix in your normal patch cycle. Open any affected product above for its exact safe version.
Additional information
- NVD record
- http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00006.htmlAdvisory
- http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00067.htmlAdvisory
- http://www.securityfocus.com/bid/109374
- https://lists.debian.org/debian-lts-announce/2019/10/msg00005.htmlAdvisory
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PMEGUWMWORC3DOVEHVXLFT3A5RSCMLBH/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XPTZJCNN52VNGSVC5DFKVW3EDMRDWKMP/
- https://security.gentoo.org/glsa/201908-13Advisory
- https://usn.ubuntu.com/4063-1/Advisory