CVE-2018-6871
Published: 9 February 2018
LibreOffice before 5.4.5 and 6.x before 6.0.1 allows remote attackers to read arbitrary files via =WEBSERVICE calls in a document, which use the COM.MICROSOFT.WEBSERVICE function.
Priority
Status
| Package | Release | Status |
|---|---|---|
|
libreoffice Launchpad, Ubuntu, Debian |
artful |
Released
(1:5.4.5-0ubuntu0.17.10.1)
|
| trusty |
Released
(1:4.2.8-0ubuntu5.3)
|
|
| upstream |
Released
(5.4.5,6.0.1)
|
|
| xenial |
Released
(1:5.1.6~rc2-0ubuntu1~xenial3)
|
|
|
Patches: upstream: https://cgit.freedesktop.org/libreoffice/core/commit/?h=libreoffice-5-4&id=a916fc0c0e0e8b10cb4158fa0fa173fe205d434a upstream: https://cgit.freedesktop.org/libreoffice/core/commit/?h=libreoffice-5-4&id=4ede45eb239b1604bca900c22481b7d13e4c2790 upstream: https://cgit.freedesktop.org/libreoffice/core/commit/?h=libreoffice-5-4&id=e1946d75a1095c2596d7815600454ff01fcd3270 upstream: https://cgit.freedesktop.org/libreoffice/core/commit/?h=libreoffice-5-4&id=2bef4debcf7650f3b3922134dff0332d4a95da3f upstream: https://cgit.freedesktop.org/libreoffice/core/commit/?h=libreoffice-5-4&id=dc44111ad5965bf4179fc654b677e1e445dea2f0 upstream: https://cgit.freedesktop.org/libreoffice/core/commit/?h=libreoffice-5-4&id=908854a7b281454332af434be9468ec45d420030 |
||
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 9.8 |
| Attack vector | Network |
| Attack complexity | Low |
| Privileges required | None |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity impact | High |
| Availability impact | High |
| Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |