How severe is CVE-2019-9855?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.8 out of 10.

What type of vulnerability is CVE-2019-9855?

This is classified as CWE-417, which is a common weakness in software security.

CVE-2019-9855 - CRITICAL Severity | CVSS 9.8

Vulnerability Description

LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from. LibreOffice also has a feature where documents can specify that pre-installed scripts can be executed on various document script events such as mouse-over, etc. Protection was added to block calling LibreLogo from script event handers. However a Windows 8.3 path equivalence handling flaw left LibreOffice vulnerable under Windows that a document could trigger executing LibreLogo via a Windows filename pseudonym. This issue affects: Document Foundation LibreOffice 6.2 versions prior to 6.2.7; 6.3 versions prior to 6.3.1.

Related Vulnerabilities

CVE-2017-1000197

CRITICAL

CVSS:9.8(Critical)

October CMS build 412 is vulnerable to file path modification in asset move functionality resulting in creating creating malicious files on the server.

CWE-4172017

CVE-2017-6520

CRITICAL

CVSS:9.1(Critical)

The Multicast DNS (mDNS) responder used in BOSE Soundtouch 30 inadvertently responds to IPv4 unicast queries with source addresses that are not link-local, which allows remote attackers to cause a den...

CWE-4172017

CVE-2017-1000197

CRITICAL

CVSS:9.8(Critical)

October CMS build 412 is vulnerable to file path modification in asset move functionality resulting in creating creating malicious files on the server.

CWE-4172017

CVE-2017-6520

CRITICAL

CVSS:9.1(Critical)

CWE-4172017

CVE-2017-7760

HIGH

CVSS:7.8(High)

The Mozilla Windows updater modifies some files to be updated by reading the original file and applying changes to it. The location of the original file can be altered by a malicious user by passing a...

CWE-4172017

CVE-2016-9879

HIGH

CVSS:7.5(High)

An issue was discovered in Pivotal Spring Security before 3.2.10, 4.1.x before 4.1.4, and 4.2.x before 4.2.1. Spring Security does not consider URL path parameters when processing security constraints...

CWE-4172016