{"containers": {"cna": {"affected": [{"product": "LibreOffice", "vendor": "Document Foundation", "versions": [{"lessThan": "6.2.5", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Thanks to Nils Emmerich of ERNW Research GmbH for discovering and reporting this issue"}], "datePublic": "2019-07-16T00:00:00", "descriptions": [{"lang": "en", "value": "LibreOffice has a feature where documents can specify that pre-installed scripts can be executed on various document events such as mouse-over, etc. LibreOffice is typically also bundled with LibreLogo, a programmable turtle vector graphics script, which can be manipulated into executing arbitrary python commands. By using the document event feature to trigger LibreLogo to execute python contained within a document a malicious document could be constructed which would execute arbitrary python commands silently without warning. In the fixed versions, LibreLogo cannot be called from a document event handler. This issue affects: Document Foundation LibreOffice versions prior to 6.2.5."}], "problemTypes": [{"descriptions": [{"description": "LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which could be leveraged to by an attacker document to silently execute arbitrary python commands", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-10-06T13:06:08", "orgId": "4fe7d05b-1353-44cc-8b7a-1e416936dff2", "shortName": "Document Fdn."}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.libreoffice.org/about-us/security/advisories/CVE-2019-9848"}, {"name": "USN-4063-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/4063-1/"}, {"name": "FEDORA-2019-5561d20558", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XPTZJCNN52VNGSVC5DFKVW3EDMRDWKMP/"}, {"name": "109374", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/109374"}, {"name": "GLSA-201908-13", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201908-13"}, {"name": "20190815 [SECURITY] [DSA 4501-1] libreoffice security update", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "https://seclists.org/bugtraq/2019/Aug/28"}, {"name": "FEDORA-2019-2fe22a3a2c", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PMEGUWMWORC3DOVEHVXLFT3A5RSCMLBH/"}, {"name": "openSUSE-SU-2019:2057", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00006.html"}, {"name": "openSUSE-SU-2019:2183", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00067.html"}, {"name": "[debian-lts-announce] 20191006 [SECURITY] [DLA 1947-1] libreoffice security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00005.html"}], "source": {"defect": ["LibreLogo", "arbitrary", "script", "execution"], "discovery": "EXTERNAL"}, "x_generator": {"engine": "Vulnogram 0.0.7"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@documentfoundation.org", "DATE_PUBLIC": "2019-07-16T00:00:00.000Z", "ID": "CVE-2019-9848", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "LibreOffice", "version": {"version_data": [{"version_affected": "<", "version_value": "6.2.5"}]}}]}, "vendor_name": "Document Foundation"}]}}, "credit": [{"lang": "eng", "value": "Thanks to Nils Emmerich of ERNW Research GmbH for discovering and reporting this issue"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "LibreOffice has a feature where documents can specify that pre-installed scripts can be executed on various document events such as mouse-over, etc. LibreOffice is typically also bundled with LibreLogo, a programmable turtle vector graphics script, which can be manipulated into executing arbitrary python commands. By using the document event feature to trigger LibreLogo to execute python contained within a document a malicious document could be constructed which would execute arbitrary python commands silently without warning. In the fixed versions, LibreLogo cannot be called from a document event handler. This issue affects: Document Foundation LibreOffice versions prior to 6.2.5."}]}, "generator": {"engine": "Vulnogram 0.0.7"}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which could be leveraged to by an attacker document to silently execute arbitrary python commands"}]}]}, "references": {"reference_data": [{"name": "https://www.libreoffice.org/about-us/security/advisories/CVE-2019-9848", "refsource": "CONFIRM", "url": "https://www.libreoffice.org/about-us/security/advisories/CVE-2019-9848"}, {"name": "USN-4063-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4063-1/"}, {"name": "FEDORA-2019-5561d20558", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XPTZJCNN52VNGSVC5DFKVW3EDMRDWKMP/"}, {"name": "109374", "refsource": "BID", "url": "http://www.securityfocus.com/bid/109374"}, {"name": "GLSA-201908-13", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201908-13"}, {"name": "20190815 [SECURITY] [DSA 4501-1] libreoffice security update", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/Aug/28"}, {"name": "FEDORA-2019-2fe22a3a2c", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PMEGUWMWORC3DOVEHVXLFT3A5RSCMLBH/"}, {"name": "openSUSE-SU-2019:2057", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00006.html"}, {"name": "openSUSE-SU-2019:2183", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00067.html"}, {"name": "[debian-lts-announce] 20191006 [SECURITY] [DLA 1947-1] libreoffice security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00005.html"}]}, "source": {"defect": ["LibreLogo", "arbitrary", "script", "execution"], "discovery": "EXTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T22:01:54.965Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.libreoffice.org/about-us/security/advisories/CVE-2019-9848"}, {"name": "USN-4063-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/4063-1/"}, {"name": "FEDORA-2019-5561d20558", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XPTZJCNN52VNGSVC5DFKVW3EDMRDWKMP/"}, {"name": "109374", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/109374"}, {"name": "GLSA-201908-13", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201908-13"}, {"name": "20190815 [SECURITY] [DSA 4501-1] libreoffice security update", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "https://seclists.org/bugtraq/2019/Aug/28"}, {"name": "FEDORA-2019-2fe22a3a2c", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PMEGUWMWORC3DOVEHVXLFT3A5RSCMLBH/"}, {"name": "openSUSE-SU-2019:2057", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00006.html"}, {"name": "openSUSE-SU-2019:2183", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00067.html"}, {"name": "[debian-lts-announce] 20191006 [SECURITY] [DLA 1947-1] libreoffice security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00005.html"}]}]}, "cveMetadata": {"assignerOrgId": "4fe7d05b-1353-44cc-8b7a-1e416936dff2", "assignerShortName": "Document Fdn.", "cveId": "CVE-2019-9848", "datePublished": "2019-07-17T11:21:57.813188Z", "dateReserved": "2019-03-17T00:00:00", "dateUpdated": "2024-09-16T22:50:55.703Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:libreoffice:libreoffice:*:*:*:*:*:*:*:*", "matchCriteriaId": "EA10AA1D-3A0A-43B1-9556-BBC53865B5A6", "versionEndExcluding": "6.2.5", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*", "matchCriteriaId": "CD783B0C-9246-47D9-A937-6144FE8BFF0F", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", "matchCriteriaId": "D100F7CE-FC64-4CC6-852A-6136D72DA419", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "matchCriteriaId": "F1E78106-58E6-4D59-990F-75DA575BFAD9", "vulnerable": true}, {"criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "LibreOffice has a feature where documents can specify that pre-installed scripts can be executed on various document events such as mouse-over, etc. LibreOffice is typically also bundled with LibreLogo, a programmable turtle vector graphics script, which can be manipulated into executing arbitrary python commands. By using the document event feature to trigger LibreLogo to execute python contained within a document a malicious document could be constructed which would execute arbitrary python commands silently without warning. In the fixed versions, LibreLogo cannot be called from a document event handler. This issue affects: Document Foundation LibreOffice versions prior to 6.2.5."}, {"lang": "es", "value": "LibreOffice presenta una funcionalidad donde los documentos pueden especificar que los scripts preinstalados pueden ser ejecutados en varios eventos de documentos, tal como el mouse-over, etc. Por lo general, LibreOffice tambi\u00e9n se incluye con LibreLogo, un script de gr\u00e1ficos vectoriales turtle programables, que puede ser manipulado para ejecutar comandos de python arbitrarios. Mediante el uso de la funcionalidad document event para activar LibreLogo para ejecutar python contenido en un documento, podr\u00eda ser construido un documento malicioso que ejecutar\u00eda comandos de python arbitrarios en silencio sin avisar. En las versiones corregidas, LibreLogo no puede ser llamado desde un controlador de eventos de documento. Este problema afecta: las versiones de LibreOffice anteriores a 6.2.5, de Document Foundation."}], "id": "CVE-2019-9848", "lastModified": "2023-11-07T03:13:47.047", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-07-17T12:15:10.770", "references": [{"source": "security@documentfoundation.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00006.html"}, {"source": "security@documentfoundation.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00067.html"}, {"source": "security@documentfoundation.org", "tags": ["Broken Link"], "url": "http://www.securityfocus.com/bid/109374"}, {"source": "security@documentfoundation.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00005.html"}, {"source": "security@documentfoundation.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PMEGUWMWORC3DOVEHVXLFT3A5RSCMLBH/"}, {"source": "security@documentfoundation.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XPTZJCNN52VNGSVC5DFKVW3EDMRDWKMP/"}, {"source": "security@documentfoundation.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://seclists.org/bugtraq/2019/Aug/28"}, {"source": "security@documentfoundation.org", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/201908-13"}, {"source": "security@documentfoundation.org", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/4063-1/"}, {"source": "security@documentfoundation.org", "tags": ["Vendor Advisory"], "url": "https://www.libreoffice.org/about-us/security/advisories/CVE-2019-9848"}], "sourceIdentifier": "security@documentfoundation.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2020:1151", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "libreoffice-1:5.3.6.1-24.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2020-03-31T00:00:00Z"}], "bugzilla": {"description": "libreoffice: LibreLogo script can be manipulated into executing arbitrary python commands", "id": "1737427", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1737427"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.3", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "status": "verified"}, "cwe": "CWE-20", "details": ["LibreOffice has a feature where documents can specify that pre-installed scripts can be executed on various document events such as mouse-over, etc. LibreOffice is typically also bundled with LibreLogo, a programmable turtle vector graphics script, which can be manipulated into executing arbitrary python commands. By using the document event feature to trigger LibreLogo to execute python contained within a document a malicious document could be constructed which would execute arbitrary python commands silently without warning. In the fixed versions, LibreLogo cannot be called from a document event handler. This issue affects: Document Foundation LibreOffice versions prior to 6.2.5."], "name": "CVE-2019-9848", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "libreoffice", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "libreoffice", "product_name": "Red Hat Enterprise Linux 8"}], "public_date": "2019-08-05T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2019-9848\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-9848\nhttps://www.libreoffice.org/about-us/security/advisories/CVE-2019-9848"], "threat_severity": "Moderate", "upstream_fix": "libreoffice 6.2.5"}