CVE-2019-9849
libreoffice: Remote resources protection module not applied to bullet graphics
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
LibreOffice has a 'stealth mode' in which only documents from locations deemed 'trusted' are allowed to retrieve remote resources. This mode is not the default mode, but can be enabled by users who want to disable LibreOffice's ability to include remote resources within a document. A flaw existed where bullet graphics were omitted from this protection prior to version 6.2.5. This issue affects: Document Foundation LibreOffice versions prior to 6.2.5.
LibreOffice presenta un "stealth mode" en el que solo los documentos desde ubicaciones consideradas "trusted" pueden recuperar recursos remotos. Este modo no es el modo por defecto, pero puede ser habilitado por los usuarios que desean desactivar la capacidad de LibreOffice de incluir recursos remotos dentro de un documento. Existía un fallo donde se omitían los gráficos con viñetas de esta protección anterior la versión 6.2.5. Este problema afecta: a LibreOffice versiones anteriores a 6.2.5, de Document Foundation.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2019-03-17 CVE Reserved
- 2019-07-17 CVE Published
- 2024-06-24 First Exploit
- 2024-07-09 EPSS Updated
- 2024-09-17 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CAPEC
References (12)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/109374 | Broken Link | |
| https://lists.debian.org/debian-lts-announce/2019/10/msg00005.html | Mailing List |
|
| URL | Date | SRC |
|---|---|---|
| https://github.com/mbadanoiu/CVE-2019-9849 | 2024-06-24 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Libreoffice Search vendor "Libreoffice" | Libreoffice Search vendor "Libreoffice" for product "Libreoffice" | < 6.2.5 Search vendor "Libreoffice" for product "Libreoffice" and version " < 6.2.5" | - |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 16.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "16.04" | lts |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 18.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "18.04" | lts |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 19.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "19.04" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 29 Search vendor "Fedoraproject" for product "Fedora" and version "29" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 30 Search vendor "Fedoraproject" for product "Fedora" and version "30" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 8.0 Search vendor "Debian" for product "Debian Linux" and version "8.0" | - |
Affected
| ||||||
| Opensuse Search vendor "Opensuse" | Leap Search vendor "Opensuse" for product "Leap" | 15.0 Search vendor "Opensuse" for product "Leap" and version "15.0" | - |
Affected
| ||||||
| Opensuse Search vendor "Opensuse" | Leap Search vendor "Opensuse" for product "Leap" | 15.1 Search vendor "Opensuse" for product "Leap" and version "15.1" | - |
Affected
| ||||||