Vulnerability Details : CVE-2019-9849
LibreOffice has a 'stealth mode' in which only documents from locations deemed 'trusted' are allowed to retrieve remote resources. This mode is not the default mode, but can be enabled by users who want to disable LibreOffice's ability to include remote resources within a document. A flaw existed where bullet graphics were omitted from this protection prior to version 6.2.5. This issue affects: Document Foundation LibreOffice versions prior to 6.2.5.
Products affected by CVE-2019-9849
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
- cpe:2.3:a:libreoffice:libreoffice:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2019-9849
- 0.38%: Probability of exploitation activity in the next 30 days
- ~73%: Percentile, the proportion of vulnerabilities that are scored at or below this level
CVSS scores for CVE-2019-9849
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.0 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:N/A:N | 8.0 | 2.9 | NIST | |
4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 2.8 | 1.4 | NIST | |
References for CVE-2019-9849
- http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00067.html
  [security-announce] openSUSE-SU-2019:2183-1: moderate: Security update f (Mailing List; Third Party Advisory)
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XPTZJCNN52VNGSVC5DFKVW3EDMRDWKMP/
  [SECURITY] Fedora 30 Update: libreoffice-6.2.5.2-1.fc30 - package-announce - Fedora Mailing-Lists (Mailing List; Third Party Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00006.html
  [security-announce] openSUSE-SU-2019:2057-1: important: Security update (Mailing List; Third Party Advisory)
- https://usn.ubuntu.com/4063-1/
  USN-4063-1: LibreOffice vulnerabilities | Ubuntu security notices (Third Party Advisory)
- https://www.libreoffice.org/about-us/security/advisories/CVE-2019-9849
  CVE-2019-9849 | LibreOffice - Free Office Suite - Fun Project - Fantastic People (Vendor Advisory)
- https://lists.debian.org/debian-lts-announce/2019/10/msg00005.html
  [SECURITY] [DLA 1947-1] libreoffice security update (Mailing List; Third Party Advisory)
- http://www.securityfocus.com/bid/109374
  LibreOffice Remote Code Execution and Unauthorized Access Vulnerabilities (Broken Link)
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PMEGUWMWORC3DOVEHVXLFT3A5RSCMLBH/
  [SECURITY] Fedora 29 Update: libreoffice-6.1.6.3-3.fc29 - package-announce - Fedora Mailing-Lists (Mailing List; Third Party Advisory)
- https://security.gentoo.org/glsa/201908-13
  LibreOffice: Multiple vulnerabilities (GLSA 201908-13) — Gentoo security (Third Party Advisory)