Advisories ยป MGASA-2022-0400

Updated libreoffice packages fix security vulnerability

Publication date: 28 Oct 2022
Type: security
Affected Mageia releases : 8
CVE: CVE-2022-3140


LibreOffice supports Office URI Schemes to enable browser integration of
LibreOffice with MS SharePoint server. An additional scheme
'vnd.libreoffice.command' specific to LibreOffice was added. In the
affected versions of LibreOffice links using that scheme could be
constructed to call internal macros with arbitrary arguments. Which when
clicked on, or activated by document events, could result in arbitrary
script execution without warning. (CVE-2022-3140)