A flaw was found in the Libreoffice package. An attacker can craft an odb containing a “database/script” file with a SCRIPT command where the contents of the file could be written to a new file whose location was determined by the attacker.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 12 | all | hsqldb | < 2.7.1-1+deb12u1 | hsqldb_2.7.1-1+deb12u1_all.deb |
Debian | 11 | all | hsqldb | < 2.5.1-1+deb11u2 | hsqldb_2.5.1-1+deb11u2_all.deb |
Debian | 10 | all | hsqldb | < 2.4.1-2+deb10u2 | hsqldb_2.4.1-2+deb10u2_all.deb |
Debian | 999 | all | hsqldb | < 2.7.2-1 | hsqldb_2.7.2-1_all.deb |
Debian | 13 | all | hsqldb | < 2.7.2-1 | hsqldb_2.7.2-1_all.deb |
Debian | 12 | all | hsqldb1.8.0 | < 1.8.0.10+dfsg-11+deb12u1 | hsqldb1.8.0_1.8.0.10+dfsg-11+deb12u1_all.deb |
Debian | 11 | all | hsqldb1.8.0 | < 1.8.0.10+dfsg-10+deb11u1 | hsqldb1.8.0_1.8.0.10+dfsg-10+deb11u1_all.deb |
Debian | 10 | all | hsqldb1.8.0 | < 1.8.0.10+dfsg-10+deb10u1 | hsqldb1.8.0_1.8.0.10+dfsg-10+deb10u1_all.deb |
Debian | 999 | all | hsqldb1.8.0 | < 1.8.0.10+dfsg-12 | hsqldb1.8.0_1.8.0.10+dfsg-12_all.deb |
Debian | 13 | all | hsqldb1.8.0 | < 1.8.0.10+dfsg-12 | hsqldb1.8.0_1.8.0.10+dfsg-12_all.deb |