PT-2019-1404 · Document Foundation+6 · Libreoffice+6
Alex Inführ · Published 2018-10-09 · Updated 2024-06-15 · CVE-2018-16858
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
LibreOffice versions prior to 6.0.7
LibreOffice versions prior to 6.1.3
Description
The issue is caused by a buffer overflow in memory that allows a remote attacker to execute arbitrary code using a specially crafted document. LibreOffice was also found to be vulnerable to a directory traversal attack that can be used to execute arbitrary macros bundled with a document: an attacker can craft an ODT file that executes a Python method from a script in an arbitrary file system location, giving a remote attacker code execution.
Recommendations
For versions prior to 6.0.7, update to version 6.0.7 or later to resolve the issue.
For versions prior to 6.1.3, update to version 6.1.3 or later to resolve the issue.
As a temporary workaround, consider disabling the execution of macros from arbitrary file system locations to minimize the risk of exploitation.
Avoid opening ODT files from untrusted sources until the issue is resolved.
Exploit
Fix
RCE
Buffer Overflow
Path traversal
Related Identifiers
Affected Products
ALT Linux
CentOS
LibreOffice
OpenOffice
Red Hat
SUSE
Ubuntu