5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
0.002 Low
EPSS
Percentile
55.1%
LibreOffice has a ‘stealth mode’ in which only documents from locations
deemed ‘trusted’ are allowed to retrieve remote resources. This mode is not
the default mode, but can be enabled by users who want to disable
LibreOffice’s ability to include remote resources within a document. A flaw
existed where remote graphic links loaded from docx documents were omitted
from this protection prior to version 6.4.4. This issue affects: The
Document Foundation LibreOffice versions prior to 6.4.4.
Author | Note |
---|---|
mdeslaur | Fixing this in bionic and earlier releases would require massive code changes and would risk introducing regressions. We will not be fixing this in bionic and earlier. |
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 20.04 | noarch | libreoffice | < 1:6.4.7-0ubuntu0.20.04.1 | UNKNOWN |
ubuntu | 20.10 | noarch | libreoffice | < 1:6.4.4-0ubuntu1 | UNKNOWN |
ubuntu | 21.04 | noarch | libreoffice | < 1:6.4.4-0ubuntu1 | UNKNOWN |
ubuntu | 21.10 | noarch | libreoffice | < 1:6.4.4-0ubuntu1 | UNKNOWN |
ubuntu | 22.04 | noarch | libreoffice | < 1:6.4.4-0ubuntu1 | UNKNOWN |
ubuntu | 22.10 | noarch | libreoffice | < 1:6.4.4-0ubuntu1 | UNKNOWN |
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
0.002 Low
EPSS
Percentile
55.1%