
Mageia 8 MGASA-2022-0400 Critical: LibreOffice Script Execution Risk

Mageia, October 28, 2022
Security notice MGASA-2022-0401: LibreOffice patch addresses vulnerability. Further information and links included.

Summary

LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. An additional scheme, 'vnd.libreoffice.command', specific to LibreOffice was added. In the affected versions of LibreOffice, links using that scheme could be constructed to call internal macros with arbitrary arguments. When clicked on, or activated by document events, such links could result in arbitrary script execution without warning. (CVE-2022-3140)

References

- https://bugs.mageia.org/show_bug.cgi?id=30959

- https://lists.debian.org/debian-security-announce/2022/msg00221.html

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/TORANVTIWWBH3DNJR4UZATAG67KZOH32/

- https://www.cve.org/CVERecord?id=CVE-2022-3140

Resolution

SRPMS

- 8/core/libreoffice-7.3.6.2-1.mga8

- 8/core/libmwaw-0.3.21-1.mga8

Severity
critical

Publication date: 28 Oct 2022
URL: https://advisories.mageia.org/MGASA-2022-0400.html
Type: security
CVE: CVE-2022-3140
