CVE-2019-9849 — MEDIUM (4.3)

Q: How severe is CVE-2019-9849?

CVE-2019-9849 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2019-9849?

Check the references section above for vendor advisories and patch information. Affected products include: Libreoffice Libreoffice, Canonical Ubuntu Linux, Fedoraproject Fedora, Debian Debian Linux, Opensuse Leap.

Vulnerability Description

LibreOffice has a 'stealth mode' in which only documents from locations deemed 'trusted' are allowed to retrieve remote resources. This mode is not the default mode, but can be enabled by users who want to disable LibreOffice's ability to include remote resources within a document. A flaw existed where bullet graphics were omitted from this protection prior to version 6.2.5. This issue affects: Document Foundation LibreOffice versions prior to 6.2.5.

CVSS Score

4.3

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Libreoffice	Libreoffice	< 6.2.5
Canonical	Ubuntu Linux	16.04
Fedoraproject	Fedora	29
Debian	Debian Linux	8.0
Opensuse	Leap	15.0

References

http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00006.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00067.htmlMailing ListThird Party Advisory
http://www.securityfocus.com/bid/109374Broken Link
https://lists.debian.org/debian-lts-announce/2019/10/msg00005.htmlMailing ListThird Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
https://security.gentoo.org/glsa/201908-13Third Party Advisory
https://usn.ubuntu.com/4063-1/Third Party Advisory
https://www.libreoffice.org/about-us/security/advisories/CVE-2019-9849Vendor Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00006.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00067.htmlMailing ListThird Party Advisory
http://www.securityfocus.com/bid/109374Broken Link
https://lists.debian.org/debian-lts-announce/2019/10/msg00005.htmlMailing ListThird Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro

FAQ

What is CVE-2019-9849?

CVE-2019-9849 is a vulnerability with a CVSS score of 4.3 (MEDIUM). LibreOffice has a 'stealth mode' in which only documents from locations deemed 'trusted' are allowed to retrieve remote resources. This mode is not the default mode, but can be enabled by users who wa...

How severe is CVE-2019-9849?

CVE-2019-9849 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-9849?

Check the references section above for vendor advisories and patch information. Affected products include: Libreoffice Libreoffice, Canonical Ubuntu Linux, Fedoraproject Fedora, Debian Debian Linux, Opensuse Leap.