CVE-2020-12802

LibreOffice has a 'stealth mode' in which only documents from locations deemed 'trusted' are allowed to retrieve remote resources. This mode is not the default mode, but can be enabled by users who want to disable LibreOffice's ability to include remote resources within a document. A flaw existed where remote graphic links loaded from docx documents were omitted from this protection prior to version 6.4.4. This issue affects: The Document Foundation LibreOffice versions prior to 6.4.4.

Published: Jun 8, 2020
Updated: Apr 13, 2023
CVE: CVE-2020-12802
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.3
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:P/I:N/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
libreoffice / libreoffice	-	6.4.4
fedoraproject / fedora	31	31.x
opensuse / leap	15.1	15.1.x
opensuse / leap	15.2	15.2.x

http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00042.html
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00058.html
https://lists.debian.org/debian-lts-announce/2023/12/msg00026.html
https://lists.fedoraproject.org/archives/list/[email protected]/message/PQIBAKXD7VO5IGBD7ZMH3GGBNR5R2IOA/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PQIBAKXD7VO5IGBD7ZMH3GGBNR5R2IOA/
https://www.libreoffice.org/about-us/security/advisories/CVE-2020-12802

Vulnerability Database

289,697

CVE-2020-12802