Unrated severity · NVD Advisory · Published Mar 25, 2019 · Updated Aug 5, 2024
CVE-2018-16858
Description
LibreOffice versions before 6.0.7 and 6.1.3 were found to be vulnerable to a directory traversal attack that could be used to execute arbitrary macros bundled with a document. An attacker could craft a document that, when opened by LibreOffice, would execute a Python method from a script in any arbitrary file system location, specified relative to the LibreOffice install location.
Affected products
- (no CPE) range: <6.0.7, <6.1.3
- (no CPE) range: 6.0.7
References
- www.exploit-db.com/exploits/46727/ (mitre, exploit, x_refsource_EXPLOIT-DB)
- lists.opensuse.org/opensuse-security-announce/2019-08/msg00059.html (mitre, vendor-advisory, x_refsource_SUSE)
- access.redhat.com/errata/RHSA-2019:2130 (mitre, vendor-advisory, x_refsource_REDHAT)
- packetstormsecurity.com/files/152560/LibreOffice-Macro-Code-Execution.html (mitre, x_refsource_MISC)
- www.rapid7.com/db/modules/exploit/multi/fileformat/libreoffice_macro_exec (mitre, x_refsource_MISC)
- bugzilla.redhat.com/show_bug.cgi (mitre, x_refsource_CONFIRM)
- seclists.org/bugtraq/2019/Aug/28 (mitre, mailing-list, x_refsource_BUGTRAQ)
- www.libreoffice.org/about-us/security/advisories/cve-2018-16858/ (mitre, x_refsource_MISC)