CVE-2018-6871

Published: 09 February 2018

LibreOffice before 5.4.5 and 6.x before 6.0.1 allows remote attackers to read arbitrary files via =WEBSERVICE calls in a document, which use the COM.MICROSOFT.WEBSERVICE function.

Priority

CVSS 3 base score: 9.8

Status

Package	Release	Status
libreoffice Launchpad, Ubuntu, Debian	Upstream	Released (5.4.5,6.0.1)




	Ubuntu 16.04 ESM (Xenial Xerus)	Released (1:5.1.6~rc2-0ubuntu1~xenial3)
	Ubuntu 14.04 ESM (Trusty Tahr)	Does not exist (trusty was released [1:4.2.8-0ubuntu5.3])
	Patches: Upstream: https://cgit.freedesktop.org/libreoffice/core/commit/?h=libreoffice-5-4&id=a916fc0c0e0e8b10cb4158fa0fa173fe205d434a Upstream: https://cgit.freedesktop.org/libreoffice/core/commit/?h=libreoffice-5-4&id=4ede45eb239b1604bca900c22481b7d13e4c2790 Upstream: https://cgit.freedesktop.org/libreoffice/core/commit/?h=libreoffice-5-4&id=e1946d75a1095c2596d7815600454ff01fcd3270 Upstream: https://cgit.freedesktop.org/libreoffice/core/commit/?h=libreoffice-5-4&id=2bef4debcf7650f3b3922134dff0332d4a95da3f Upstream: https://cgit.freedesktop.org/libreoffice/core/commit/?h=libreoffice-5-4&id=dc44111ad5965bf4179fc654b677e1e445dea2f0 Upstream: https://cgit.freedesktop.org/libreoffice/core/commit/?h=libreoffice-5-4&id=908854a7b281454332af434be9468ec45d420030

References

Join the discussion

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›

CVE-2018-6871

High

Status

References

Join the discussion

Canonical is offering Extended Security Maintenance

Further reading