First published: Tue May 01 2018(Updated: )
An information disclosure vulnerability occurs when LibreOffice 6.0.3 and Apache OpenOffice Writer 4.1.5 automatically process and initiate an SMB connection embedded in a malicious file, as demonstrated by xlink:href=file://192.168.0.2/test.jpg within an office:document-content element in a .odt XML document.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Libreoffice Libreoffice | =6.0.3 | |
Apache OpenOffice | =4.1.5 | |
Debian Debian Linux | =7.0 | |
Debian Debian Linux | =8.0 | |
Debian Debian Linux | =9.0 | |
Redhat Enterprise Linux Desktop | =7.0 | |
Redhat Enterprise Linux Server | =7.0 | |
Redhat Enterprise Linux Workstation | =7.0 | |
Canonical Ubuntu Linux | =14.04 | |
Canonical Ubuntu Linux | =16.04 | |
ubuntu/libreoffice | <1:4.2.8-0ubuntu5.5 | 1:4.2.8-0ubuntu5.5 |
ubuntu/libreoffice | <1:5.1.6~ | 1:5.1.6~ |
debian/libreoffice | <=1:7.0.4-4+deb11u9<=1:7.0.4-4+deb11u10<=4:7.4.7-1+deb12u3<=4:7.4.7-1+deb12u4<=4:24.2.5-3 |
https://cgit.freedesktop.org/libreoffice/core/commit/?id=0b7f4a4f57117fde33d0b1df96134aa6ccce023e
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2018-10583 is an information disclosure vulnerability in LibreOffice 6.0.3 and Apache OpenOffice Writer 4.1.5.
CVE-2018-10583 has a severity rating of 7.5 (High).
CVE-2018-10583 occurs when LibreOffice 6.0.3 and Apache OpenOffice Writer 4.1.5 automatically process and initiate an SMB connection embedded in a malicious file.
CVE-2018-10583 affects LibreOffice 6.0.3 and Apache OpenOffice Writer 4.1.5.
There are no known remedies for CVE-2018-10583.