{"containers": {"cna": {"affected": [{"product": "LibreOffice", "vendor": "Document Foundation", "versions": [{"lessThan": "6.2.6", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Thanks to Gabriel Masei of 1&1 for discovering and reporting this issue"}], "datePublic": "2019-08-15T00:00:00", "descriptions": [{"lang": "en", "value": "LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from. Protection was added, to address CVE-2019-9848, to block calling LibreLogo from document event script handers, e.g. mouse over. However LibreOffice also has a separate feature where documents can specify that pre-installed scripts can be executed on various global script events such as document-open, etc. In the fixed versions, global script event handlers are validated equivalently to document script event handlers. This issue affects: Document Foundation LibreOffice versions prior to 6.2.6."}], "problemTypes": [{"descriptions": [{"description": "arbitrary script execution", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-10-06T13:06:06", "orgId": "4fe7d05b-1353-44cc-8b7a-1e416936dff2", "shortName": "Document Fdn."}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.libreoffice.org/about-us/security/advisories/CVE-2019-9851"}, {"name": "20190815 [SECURITY] [DSA 4501-1] libreoffice security update", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "https://seclists.org/bugtraq/2019/Aug/28"}, {"name": "DSA-4501", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2019/dsa-4501"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/154168/LibreOffice-Macro-Python-Code-Execution.html"}, {"name": "FEDORA-2019-2fe22a3a2c", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PMEGUWMWORC3DOVEHVXLFT3A5RSCMLBH/"}, {"name": "USN-4102-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/4102-1/"}, {"name": "openSUSE-SU-2019:2057", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00006.html"}, {"name": "openSUSE-SU-2019:2183", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00067.html"}, {"name": "[debian-lts-announce] 20191006 [SECURITY] [DLA 1947-1] libreoffice security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00005.html"}], "source": {"discovery": "EXTERNAL"}, "title": "LibreLogo global-event script execution", "x_generator": {"engine": "Vulnogram 0.0.7"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@documentfoundation.org", "DATE_PUBLIC": "2019-08-15T00:00:00.000Z", "ID": "CVE-2019-9851", "STATE": "PUBLIC", "TITLE": "LibreLogo global-event script execution"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "LibreOffice", "version": {"version_data": [{"version_affected": "<", "version_value": "6.2.6"}]}}]}, "vendor_name": "Document Foundation"}]}}, "credit": [{"lang": "eng", "value": "Thanks to Gabriel Masei of 1&1 for discovering and reporting this issue"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from. Protection was added, to address CVE-2019-9848, to block calling LibreLogo from document event script handers, e.g. mouse over. However LibreOffice also has a separate feature where documents can specify that pre-installed scripts can be executed on various global script events such as document-open, etc. In the fixed versions, global script event handlers are validated equivalently to document script event handlers. This issue affects: Document Foundation LibreOffice versions prior to 6.2.6."}]}, "generator": {"engine": "Vulnogram 0.0.7"}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "arbitrary script execution"}]}]}, "references": {"reference_data": [{"name": "https://www.libreoffice.org/about-us/security/advisories/CVE-2019-9851", "refsource": "CONFIRM", "url": "https://www.libreoffice.org/about-us/security/advisories/CVE-2019-9851"}, {"name": "20190815 [SECURITY] [DSA 4501-1] libreoffice security update", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/Aug/28"}, {"name": "DSA-4501", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2019/dsa-4501"}, {"name": "http://packetstormsecurity.com/files/154168/LibreOffice-Macro-Python-Code-Execution.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/154168/LibreOffice-Macro-Python-Code-Execution.html"}, {"name": "FEDORA-2019-2fe22a3a2c", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PMEGUWMWORC3DOVEHVXLFT3A5RSCMLBH/"}, {"name": "USN-4102-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4102-1/"}, {"name": "openSUSE-SU-2019:2057", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00006.html"}, {"name": "openSUSE-SU-2019:2183", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00067.html"}, {"name": "[debian-lts-announce] 20191006 [SECURITY] [DLA 1947-1] libreoffice security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00005.html"}]}, "source": {"discovery": "EXTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T22:01:55.130Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.libreoffice.org/about-us/security/advisories/CVE-2019-9851"}, {"name": "20190815 [SECURITY] [DSA 4501-1] libreoffice security update", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "https://seclists.org/bugtraq/2019/Aug/28"}, {"name": "DSA-4501", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "https://www.debian.org/security/2019/dsa-4501"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.com/files/154168/LibreOffice-Macro-Python-Code-Execution.html"}, {"name": "FEDORA-2019-2fe22a3a2c", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PMEGUWMWORC3DOVEHVXLFT3A5RSCMLBH/"}, {"name": "USN-4102-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/4102-1/"}, {"name": "openSUSE-SU-2019:2057", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00006.html"}, {"name": "openSUSE-SU-2019:2183", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00067.html"}, {"name": "[debian-lts-announce] 20191006 [SECURITY] [DLA 1947-1] libreoffice security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00005.html"}]}]}, "cveMetadata": {"assignerOrgId": "4fe7d05b-1353-44cc-8b7a-1e416936dff2", "assignerShortName": "Document Fdn.", "cveId": "CVE-2019-9851", "datePublished": "2019-08-15T21:35:46.759573Z", "dateReserved": "2019-03-17T00:00:00", "dateUpdated": "2024-09-16T22:03:31.541Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", "matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*", "matchCriteriaId": "CD783B0C-9246-47D9-A937-6144FE8BFF0F", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", "matchCriteriaId": "D100F7CE-FC64-4CC6-852A-6136D72DA419", "vulnerable": true}, {"criteria": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "matchCriteriaId": "F1E78106-58E6-4D59-990F-75DA575BFAD9", "vulnerable": true}, {"criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:libreoffice:libreoffice:*:*:*:*:*:*:*:*", "matchCriteriaId": "32F74064-7FE4-4BB6-86BB-83AE52D38E87", "versionEndExcluding": "6.2.6", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from. Protection was added, to address CVE-2019-9848, to block calling LibreLogo from document event script handers, e.g. mouse over. However LibreOffice also has a separate feature where documents can specify that pre-installed scripts can be executed on various global script events such as document-open, etc. In the fixed versions, global script event handlers are validated equivalently to document script event handlers. This issue affects: Document Foundation LibreOffice versions prior to 6.2.6."}, {"lang": "es", "value": "LibreOffice est\u00e1 com\u00fanmente incorporada con LibreLogo, un script de gr\u00e1ficos vectoriales turtle programables, lo que puede ejecutar comandos arbitrarios de python contenidos con el documento desde que se inicia. Se agreg\u00f3 protecci\u00f3n, para abordar el CVE-2019-9848, para bloquear las llamadas a LibreLogo desde los manejadores de script de eventos de documentos, p.ej. mouse over. Sin embargo, LibreOffice tambi\u00e9n presenta una funcionalidad separada en la que los documentos pueden especificar que los scripts preinstalados pueden ser ejecutados en varios eventos de script globales, tales como document-open, etc. Este problema afecta: Document Foundation LibreOffice versiones anteriores a 6.2.6."}], "id": "CVE-2019-9851", "lastModified": "2023-11-07T03:13:47.330", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-08-15T22:15:22.290", "references": [{"source": "security@documentfoundation.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00006.html"}, {"source": "security@documentfoundation.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00067.html"}, {"source": "security@documentfoundation.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/154168/LibreOffice-Macro-Python-Code-Execution.html"}, {"source": "security@documentfoundation.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00005.html"}, {"source": "security@documentfoundation.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PMEGUWMWORC3DOVEHVXLFT3A5RSCMLBH/"}, {"source": "security@documentfoundation.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://seclists.org/bugtraq/2019/Aug/28"}, {"source": "security@documentfoundation.org", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/4102-1/"}, {"source": "security@documentfoundation.org", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2019/dsa-4501"}, {"source": "security@documentfoundation.org", "tags": ["Vendor Advisory"], "url": "https://www.libreoffice.org/about-us/security/advisories/CVE-2019-9851"}], "sourceIdentifier": "security@documentfoundation.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2020:1151", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "libreoffice-1:5.3.6.1-24.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2020-03-31T00:00:00Z"}, {"advisory": "RHSA-2020:1598", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "libreoffice-1:6.0.6.1-20.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2020-04-28T00:00:00Z"}], "bugzilla": {"description": "libreoffice: LibreLogo global-event script execution", "id": "1744866", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1744866"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.8", "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-94", "details": ["LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from. Protection was added, to address CVE-2019-9848, to block calling LibreLogo from document event script handers, e.g. mouse over. However LibreOffice also has a separate feature where documents can specify that pre-installed scripts can be executed on various global script events such as document-open, etc. In the fixed versions, global script event handlers are validated equivalently to document script event handlers. This issue affects: Document Foundation LibreOffice versions prior to 6.2.6."], "name": "CVE-2019-9851", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "libreoffice", "product_name": "Red Hat Enterprise Linux 6"}], "public_date": "2019-08-15T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2019-9851\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-9851\nhttps://www.libreoffice.org/about-us/security/advisories/CVE-2019-9851"], "threat_severity": "Moderate", "upstream_fix": "LibreOffice 6.2.6, LibreOffice 6.3.0"}