remote graphics contained in docx format retrieved in 'stealth mode'
CVE-2020-12802

5.3MEDIUM

Key Information:

Vendor

The Document Foundation

Status
Libreoffice
Vendor
CVE Published:
8 June 2020

What is CVE-2020-12802?

LibreOffice has a 'stealth mode' in which only documents from locations deemed 'trusted' are allowed to retrieve remote resources. This mode is not the default mode, but can be enabled by users who want to disable LibreOffice's ability to include remote resources within a document. A flaw existed where remote graphic links loaded from docx documents were omitted from this protection prior to version 6.4.4. This issue affects: The Document Foundation LibreOffice versions prior to 6.4.4.

Affected Version(s)

LibreOffice < 6.4.4

References

https://www.libreoffice.org/about-us/security/advisories/...
https://lists.fedoraproject.org/archives/list/package-ann...
vendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2020...
vendor-advisory

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.