exploitDog

CVE-2025-0514

Published: 25 Feb 2025
Source: redhat
CVSS3: 6.5

Description

Improper Input Validation vulnerability in The Document Foundation LibreOffice allows Windows Executable hyperlink targets to be executed unconditionally on activation. This issue affects LibreOffice: from 24.8 before < 24.8.5.

A flaw was found in LibreOffice. LibreOffice has a feature where CTRL+click activates hyperlinks in a document. On Windows systems, the link can be passed to the system ShellExecute function for handling. To avoid launching executables, LibreOffice uses a mechanism that blocks paths to executable targets from being passed to ShellExecute. In affected versions, this mechanism could be bypassed by using non-file URLs that ShellExecute could interpret as Windows file paths.

Statement

This vulnerability is specific to Windows. Red Hat is not affected.

Affected packages

| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | libreoffice | Not affected | | |
| Red Hat Enterprise Linux 7 | libreoffice | Not affected | | |
| Red Hat Enterprise Linux 8 | libreoffice | Not affected | | |
| Red Hat Enterprise Linux 9 | libreoffice | Not affected | | |

Additional information

Status: Moderate
Defect: CWE-20
https://bugzilla.redhat.com/show_bug.cgi?id=2347608 libreoffice: Executable hyperlink Windows path targets executed unconditionally on activation

6.5 Medium

CVSS3

Related vulnerabilities

CVSS3: 7.8
ubuntu
10 months ago

Improper Input Validation vulnerability in The Document Foundation LibreOffice allows Windows Executable hyperlink targets to be executed unconditionally on activation. This issue affects LibreOffice: from 24.8 before < 24.8.5.

CVSS3: 7.8
nvd
10 months ago

Improper Input Validation vulnerability in The Document Foundation LibreOffice allows Windows Executable hyperlink targets to be executed unconditionally on activation. This issue affects LibreOffice: from 24.8 before < 24.8.5.

CVSS3: 7.8
debian
10 months ago

Improper Input Validation vulnerability in The Document Foundation Lib ...

CVSS3: 7.8
github
10 months ago

Improper Input Validation vulnerability in The Document Foundation LibreOffice allows Windows Executable hyperlink targets to be executed unconditionally on activation. This issue affects LibreOffice: from 24.8 before < 24.8.5.

CVSS3: 7.6
fstec
10 months ago

Vulnerability in the LibreOffice office suite related to errors in handling hyperlinks in a document, allowing an attacker to execute arbitrary code