First published: Mon Dec 11 2023(Updated: )
Insufficient macro permission validation of The Document Foundation LibreOffice allows an attacker to execute built-in macros without warning. In affected versions LibreOffice supports hyperlinks with macro or similar built-in command targets that can be executed when activated without warning the user.
Credit: security@documentfoundation.org security@documentfoundation.org
Affected Software | Affected Version | How to fix |
---|---|---|
Libreoffice Libreoffice | >=7.5.0<7.5.9 | |
Libreoffice Libreoffice | >=7.6.0<7.6.4 | |
Fedoraproject Fedora | =38 | |
Debian Debian Linux | =11.0 | |
Debian Debian Linux | =12.0 | |
redhat/LibreOffice | <7.5.9 | 7.5.9 |
redhat/LibreOffice | <7.6.4 | 7.6.4 |
ubuntu/libreoffice | <1:6.4.7-0ubuntu0.20.04.9 | 1:6.4.7-0ubuntu0.20.04.9 |
ubuntu/libreoffice | <1:7.3.7-0ubuntu0.22.04.4 | 1:7.3.7-0ubuntu0.22.04.4 |
ubuntu/libreoffice | <4:7.5.9-0ubuntu0.23.04.1 | 4:7.5.9-0ubuntu0.23.04.1 |
ubuntu/libreoffice | <4:7.6.4-0ubuntu0.23.10.1 | 4:7.6.4-0ubuntu0.23.10.1 |
ubuntu/libreoffice | <7.5.9<7.6.4 | 7.5.9 7.6.4 |
debian/libreoffice | <=1:6.1.5-3+deb10u7 | 1:6.1.5-3+deb10u11 1:7.0.4-4+deb11u8 4:7.4.7-1+deb12u1 4:24.2.0-1 4:24.2.3-1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.