CVE-2018-10583

NameCVE-2018-10583
DescriptionAn information disclosure vulnerability occurs when LibreOffice 6.0.3 and Apache OpenOffice Writer 4.1.5 automatically process and initiate an SMB connection embedded in a malicious file, as demonstrated by xlink:href=file://192.168.0.2/test.jpg within an office:document-content element in a .odt XML document.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
libreoffice (PTS)jessie, jessie (lts)1:4.3.3-2+deb8u15vulnerable
stretch (security)1:5.2.7-1+deb9u11vulnerable
stretch (lts), stretch1:6.1.5-3+deb9u5vulnerable
buster, buster (lts)1:6.1.5-3+deb10u14vulnerable
buster (security)1:6.1.5-3+deb10u12vulnerable
bullseye1:7.0.4-4+deb11u10vulnerable
bullseye (security)1:7.0.4-4+deb11u11vulnerable
bookworm4:7.4.7-1+deb12u4vulnerable
bookworm (security)4:7.4.7-1+deb12u5vulnerable
sid, trixie4:24.8.2-2vulnerable

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
libreofficesource(unstable)(unfixed)unimportant

Notes

http://secureyourit.co.uk/wp/2018/05/01/creating-malicious-odt-files/
This is the generic behaviour of accessing remote SMB shares and not limited to
Libreoffice. This can e.g. be addressed by rejecting outgoing SMB connections
from the local network
The following commit adds this class of access to the list of trusted locations:
https://cgit.freedesktop.org/libreoffice/core/commit/?id=0b7f4a4f57117fde33d0b1df96134aa6ccce023e

Search for package or bug name: Reporting problems