libreoffice is vulnerable to Remote Code Execution (RCE). The vulnerability exists because an additional scheme vnd.libreoffice.command
was added which allows an attacker to call internal macros with arbitrary arguments.
lists.debian.org/debian-lts-announce/2023/03/msg00022.html
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TORANVTIWWBH3DNJR4UZATAG67KZOH32/
lists.fedoraproject.org/archives/list/[email protected]/message/TORANVTIWWBH3DNJR4UZATAG67KZOH32/
security-tracker.debian.org/tracker/CVE-2022-3140
security.gentoo.org/glsa/202212-04
www.debian.org/security/2022/dsa-5252
www.libreoffice.org/about-us/security/advisories/CVE-2022-3140