CVE-2019-9849

MEDIUM

LibreOffice <6.2.5 - Info Disclosure

Title source: llm
STIX 2.1

Description

LibreOffice has a 'stealth mode' in which only documents from locations deemed 'trusted' are allowed to retrieve remote resources. This mode is not the default mode, but can be enabled by users who want to disable LibreOffice's ability to include remote resources within a document. A flaw existed where bullet graphics were omitted from this protection prior to version 6.2.5. This issue affects: Document Foundation LibreOffice versions prior to 6.2.5.

Exploits (1)

nomisec WRITEUP
by mbadanoiu · poc
https://github.com/mbadanoiu/CVE-2019-9849

References (9)

Core 9
Core References
Third Party Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/4063-1/
Broken Link vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/109374
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/201908-13
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00006.html
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00067.html
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2019/10/msg00005.html

Scores

CVSS v3 4.3
EPSS 0.0349
EPSS Percentile 87.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Details

Status published
Products (9)
canonical/ubuntu_linux 16.04
canonical/ubuntu_linux 18.04
canonical/ubuntu_linux 19.04
debian/debian_linux 8.0
fedoraproject/fedora 29
fedoraproject/fedora 30
libreoffice/libreoffice < 6.2.5
opensuse/leap 15.0
opensuse/leap 15.1
Published Jul 17, 2019
Tracked Since Feb 18, 2026