
Are you using LibreOffice?

You should be extra careful about what document files you open using the LibreOffice software over the next few days.

That’s because LibreOffice contains a severe unpatched code execution vulnerability that could sneak malware onto your system as soon as you open a maliciously crafted document file.

LibreOffice is one of the most popular open-source alternatives to the Microsoft Office suite and is available for Windows, Linux and macOS systems.

Earlier this month, LibreOffice released version 6.2.5, the latest release of its software, which addresses two severe vulnerabilities (CVE-2019-9848 and CVE-2019-9849), but the patch for the former has now been bypassed, security researcher Alex Inführ claims.

Though Inführ has not yet disclosed details of the technique that allowed him to bypass the patch, the impact of this vulnerability remains the same, as explained below.

1.) CVE-2019-9848: This vulnerability, which still exists in the latest version, resides in LibreLogo, a programmable turtle vector graphics script that ships by default with LibreOffice.

LibreLogo allows users to specify pre-installed scripts in a document that can be executed on various events such as mouse-over.
