Skip to content

GitLab

  • Menu
Projects Groups Snippets
    • Loading...
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in / Register
  • Adélie Package Tree Adélie Package Tree
  • Project information
    • Project information
    • Activity
    • Labels
    • Members
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributors
    • Graph
    • Compare
  • Issues 354
    • Issues 354
    • List
    • Boards
    • Service Desk
    • Milestones
  • Merge requests 21
    • Merge requests 21
  • CI/CD
    • CI/CD
    • Pipelines
    • Jobs
    • Schedules
  • Deployments
    • Deployments
    • Releases
  • Activity
  • Graph
  • Create a new issue
  • Jobs
  • Commits
  • Issue Boards
Collapse sidebar
  • Adélie Linux
  • Adélie Package TreeAdélie Package Tree
  • Issues
  • #111

Closed
Open
Created Jul 24, 2019 by Emily@emily🤖

user/libreoffice: CVE-2019-9847: hyperlink to executable unconditionally launched

Bugzilla ID 111
Alias(es) CVE-2019-9847
Reporter Max Rees (sroracle)
Assignee Max Rees (sroracle)
Reported 2019-07-24 13:55:27 -0500
Modified 2019-07-24 13:56:01 -0500
Status RESOLVED NOTABUG
Version 1.0-BETA3
Hardware Adélie Linux / All
Importance --- / normal
URL https://nvd.nist.gov/vuln/detail/CVE-2019-9847

Description

A vulnerability in LibreOffice hyperlink processing allows an attacker
to construct documents containing hyperlinks pointing to the location
of an executable on the target users file system. If the hyperlink is
activated by the victim the executable target is unconditionally
launched. Under Windows and macOS when processing a hyperlink target
explicitly activated by the user there was no judgment made on whether
the target was an executable file, so such executable targets were
launched unconditionally. This issue affects: All LibreOffice Windows
and macOS versions prior to 6.1.6; LibreOffice Windows and macOS
versions in the 6.2 series prior to 6.2.3.

Does not apply to Linux.

Edited Feb 02, 2022 by Zach van Rijn
Assignee
Assign to
Time tracking