Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-3140

LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. An additional scheme 'vnd.libreoffice.command' specific to LibreOffice was added. In the affected versions of LibreOffice links using that scheme could be constructed to call internal macros with arbitrary arguments. Which when clicked on, or activated by document events, could result in arbitrary script execution without warning. This issue affects: The Document Foundation LibreOffice 7.4 versions prior to 7.4.1; 7.3 versions prior to 7.3.6.

Published

2022-10-11T21:15:16.367

Last Modified

2024-11-21T07:18:54.577

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.3 (MEDIUM)

Weaknesses

Type: Secondary
CWE-20
Type: Primary
CWE-88

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	libreoffice	libreoffice	< 7.3.6	Yes
Application	libreoffice	libreoffice	7.4.0	Yes
Operating System	debian	debian_linux	11.0	Yes
Operating System	fedoraproject	fedora	35	Yes

References

https://lists.debian.org/debian-lts-announce/2023/03/msg00022.html ([email protected])
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TORANVTIWWBH3DNJR4UZATAG67KZOH32/ ([email protected])
https://security.gentoo.org/glsa/202212-04 Third Party Advisory ([email protected])
https://www.debian.org/security/2022/dsa-5252 Third Party Advisory ([email protected])
https://www.libreoffice.org/about-us/security/advisories/CVE-2022-3140 Vendor Advisory ([email protected])
https://lists.debian.org/debian-lts-announce/2023/03/msg00022.html (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TORANVTIWWBH3DNJR4UZATAG67KZOH32/ (af854a3a-2127-422b-91ae-364da2661108)
https://security.gentoo.org/glsa/202212-04 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.debian.org/security/2022/dsa-5252 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.libreoffice.org/about-us/security/advisories/CVE-2022-3140 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)