LibreOffice has a feature where documents can specify that pre-installed
macros can be executed on various script events such as mouse-over,
document-open etc. Access is intended to be restricted to scripts under the
share/Scripts/python, user/Scripts/python sub-directories of the
LibreOffice install. Protection was added, to address CVE-2019-9852, to
avoid a directory traversal attack where scripts in arbitrary locations on
the file system could be executed by employing a URL encoding attack to
defeat the path verification step. However this protection could be
bypassed by taking advantage of a flaw in how LibreOffice assembled the
final script URL location directly from components of the passed in path as
opposed to solely from the sanitized output of the path verification step.
This issue affects: Document Foundation LibreOffice 6.2 versions prior to
6.2.7; 6.3 versions prior to 6.3.1.
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):released (1:5.1.6~rc2-0ubuntu1~xenial10)
Ubuntu 18.04 LTS (Bionic Beaver):released (1:6.0.7-0ubuntu0.18.04.10)
More Information

Updated: 2020-09-10 06:34:44 UTC (commit 81a23a978c4436cd99e1d040e9e73e9146876281)