CVE-2020-12802

CVE-2020-12802

Name

CVE-2020-12802

Description

LibreOffice has a 'stealth mode' in which only documents from locations deemed 'trusted' are allowed to retrieve remote resources. This mode is not the default mode, but can be enabled by users who want to disable LibreOffice's ability to include remote resources within a document. A flaw existed where remote graphic links loaded from docx documents were omitted from this protection prior to version 6.4.4. This issue affects: The Document Foundation LibreOffice versions prior to 6.4.4.

NVD Severity

unknown

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
Vendor Advisory	https://www.libreoffice.org/about-us/security/advisories/CVE-2020-12802
Mailing List	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PQIBAKXD7VO5IGBD7ZMH3GGBNR5R2IOA/
Mailing List	http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00042.html
SUSE	http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00058.html
security@documentfoundation.org	https://lists.debian.org/debian-lts-announce/2023/12/msg00026.html
security@documentfoundation.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PQIBAKXD7VO5IGBD7ZMH3GGBNR5R2IOA/

Type

URI

Vendor Advisory

https://www.libreoffice.org/about-us/security/advisories/CVE-2020-12802

Mailing List

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PQIBAKXD7VO5IGBD7ZMH3GGBNR5R2IOA/

Mailing List

http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00042.html

SUSE

http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00058.html

security@documentfoundation.org

https://lists.debian.org/debian-lts-announce/2023/12/msg00026.html

security@documentfoundation.org

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PQIBAKXD7VO5IGBD7ZMH3GGBNR5R2IOA/

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:libreoffice:libreoffice::::::::`	libreoffice	>= None	< 6.4.4

CPE URI

Source package

Min version

Max version

cpe:2.3:a:libreoffice:libreoffice:*:*:*:*:*:*:*:*

libreoffice

>= None

< 6.4.4

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
libreoffice	edge-community	6.4.4.2-r0	None	fixed
libreoffice	edge-community	6.4.3.2-r0	None	possibly vulnerable
libreoffice	edge-community	6.3.1.2-r0	None	possibly vulnerable
libreoffice	edge-community	6.3.0.4-r0	None	possibly vulnerable
libreoffice	edge-community	6.2.5.2-r0	None	possibly vulnerable
libreoffice	3.22-community	6.4.4.2-r0	None	fixed
libreoffice	3.22-community	6.4.3.2-r0	None	possibly vulnerable
libreoffice	3.22-community	6.3.1.2-r0	None	possibly vulnerable
libreoffice	3.22-community	6.3.0.4-r0	None	possibly vulnerable
libreoffice	3.22-community	6.2.5.2-r0	None	possibly vulnerable
libreoffice	3.21-community	6.4.4.2-r0	None	fixed
libreoffice	3.20-community	6.4.4.2-r0	None	fixed
libreoffice	3.19-community	6.4.4.2-r0	None	fixed
libreoffice	3.18-community	6.4.4.2-r0	None	fixed
libreoffice	3.17-community	6.4.4.2-r0	None	fixed

Source package

Branch

Version

Maintainer

Status

References

Match rules

Vulnerable and fixed packages