VDB
SUSE-SU-2018%3A2485-2
SUSE-SU-2018%3A2485-2
PUBLISHED
CVSS 8.800000190734863 HIGH
Security update for libreoffice
Risk Scores
CVSS 4.0
8.800000190734863
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| SUSE:Linux Enterprise Software Development Kit 12 SP4 | libreoffice | 0, 0 |
| SUSE:Linux Enterprise Desktop 12 SP4 | libreoffice | 0, 0 |
| SUSE:Linux Enterprise Workstation Extension 12 SP4 | libreoffice | 0, 0 |
Exploit Intelligence
- Updated python3 exploit for CVE-2018-10583 (LibreOffice/Open Office - '.odt' Information Disclosure ) (github-poc-repo)
- Updated python3 exploit for CVE-2018-10583 (LibreOffice/Open Office - '.odt' Information Disclosure ) (github-poc)
- An information disclosure vulnerability occurs when LibreOffice 6.0.3 and Apache OpenOffice Writer 4.1.5 automatically process and initiate an SMB connection embedded in a malicious file, as demonstrated by "xlink:href=file://192.168.0.2/test.jpg" within an "office:document-content" element in a ".odt XML document". (github-poc)
Timeline
- Dec 6, 2018 CVE Published
- Feb 4, 2026 CVE Updated
References
- https://www.suse.com/support/update/announcement/2018/suse-su-20182485-2/ advisory
- https://bugzilla.suse.com/1050305 report
- https://bugzilla.suse.com/1088262 report
- https://bugzilla.suse.com/1088263 report
- https://bugzilla.suse.com/1091606 report
- https://bugzilla.suse.com/1091772 report
- https://bugzilla.suse.com/1092699 report
- https://bugzilla.suse.com/1094359 report
- https://bugzilla.suse.com/1095601 report
- https://bugzilla.suse.com/1095639 report
- https://bugzilla.suse.com/1096673 report
- https://bugzilla.suse.com/1098891 report
- https://www.suse.com/security/cve/CVE-2018-10583 url