Alpine: multiple libreoffice packages: security update to 6.2.5.2-r0

critical Tenable Cloud Security Plugin ID 405253

Description

There are packages installed that are affected by multiple vulnerabilities referenced in the following CVEs:

- LibreOffice has a feature where documents can specify that pre-installed scripts can be executed on
various document events such as mouse-over, etc. LibreOffice is typically also bundled with LibreLogo, a
programmable turtle vector graphics script, which can be manipulated into executing arbitrary Python
commands. By using the document event feature to trigger LibreLogo to execute Python contained within a
document, a malicious document could be constructed which would execute arbitrary Python commands silently
without warning. In the fixed versions, LibreLogo cannot be called from a document event handler. This
issue affects: Document Foundation LibreOffice versions prior to 6.2.5. (CVE-2019-9848)

- LibreOffice has a 'stealth mode' in which only documents from locations deemed 'trusted' are allowed to
retrieve remote resources. This mode is not the default mode, but can be enabled by users who want to
disable LibreOffice's ability to include remote resources within a document. A flaw existed where bullet
graphics were omitted from this protection prior to version 6.2.5. This issue affects: Document Foundation
LibreOffice versions prior to 6.2.5. (CVE-2019-9849)
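
A local check for this finding can be reproduced by reading the apk installed-package database and comparing each libreoffice package against the fixed version 6.2.5.2-r0. The following is an added example, not Tenable's plugin code; the sample database content is constructed, matching packages by the `libreoffice` name prefix is an assumption, and the version ordering is a simplified form of apk's (numeric components and `-rN` revision only).

```python
import re

FIXED = "6.2.5.2-r0"  # fixed version from the advisory title

# Constructed sample in the format of /lib/apk/db/installed
# (one record per package, records separated by blank lines).
SAMPLE_DB = """\
P:libreoffice-common
V:6.2.4.2-r1
A:x86_64

P:libreoffice-writer
V:6.2.5.2-r0

P:libreoffice-calc
V:6.10.0.1-r0

P:busybox
V:1.30.1-r2
"""

def version_key(v):
    """Simplified apk ordering: dotted numeric components, then the -rN revision.
    Suffixes such as _rc1 or _p2 are not handled (assumption: not needed here)."""
    m = re.fullmatch(r"(\d+(?:\.\d+)*)(?:-r(\d+))?", v)
    if not m:
        raise ValueError(f"unsupported version format: {v}")
    return tuple(int(x) for x in m.group(1).split(".")), int(m.group(2) or 0)

def installed_packages(db_text):
    """Yield (name, version) from the P: and V: fields of each record."""
    for record in db_text.strip().split("\n\n"):
        fields = dict(line.split(":", 1) for line in record.splitlines() if ":" in line)
        if "P" in fields and "V" in fields:
            yield fields["P"], fields["V"]

def vulnerable_libreoffice(db_text, fixed=FIXED):
    """Return libreoffice* packages whose version sorts below the fixed version."""
    return sorted(
        (name, ver) for name, ver in installed_packages(db_text)
        if name.startswith("libreoffice") and version_key(ver) < version_key(fixed)
    )

if __name__ == "__main__":
    for name, ver in vulnerable_libreoffice(SAMPLE_DB):
        print(f"{name} {ver} < {FIXED}")
```

The `6.10.0.1-r0` record is included to show why components must be compared numerically: a plain string comparison would wrongly sort it below 6.2.5.2-r0.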

See Also

https://security.alpinelinux.org/vuln/CVE-2019-9848

https://security.alpinelinux.org/vuln/CVE-2019-9849

Plugin Details

Severity: Critical

ID: 405253

Version: Revision 1.31

Type: Local

Published: 10/31/2023

Updated: 6/22/2026

Supported Sensors: Agentless Assessment

Risk Information

VPR

Risk Factor: Critical

Score: 9.5

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2019-9848

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 9.4

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 7/16/2019

Exploitable With

Core Impact

Reference Information

CVE: CVE-2019-9848, CVE-2019-9849

BID: 109374

IAVB: 2019-B-0067-S