CVE-2019-9847

Name of the Vulnerable Software and Affected Versions LibreOffice versions prior to 6.1.6 LibreOffice versions 6.2 series prior to 6.2.3

Description The issue exists due to insufficient input validation in LibreOffice's hyperlink processing, allowing an attacker to construct documents with hyperlinks that point to an executable on the target user's file system. If the hyperlink is activated, the executable target is launched unconditionally. This affects the confidentiality, integrity, and availability of protected information.

Recommendations For versions prior to 6.1.6, update to version 6.1.6 or later. For versions 6.2 series prior to 6.2.3, update to version 6.2.3 or later. As a temporary workaround, consider avoiding the use of hyperlinks in LibreOffice documents until a patch is applied.