====================================================================

                             CERT-Renater

                 Note d'Information No. 2020/VULN339
_____________________________________________________________________

DATE                : 11/06/2020

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running LibreOffice versions prior to
                                           6.4.4.

=====================================================================
https://www.libreoffice.org/about-us/security/advisories/cve-2020-12802/
_____________________________________________________________________

CVE-2020-12802

Title: CVE-2020-12802 remote graphics contained in docx format retrieved
in 'stealth mode'

Announced: Jun 08, 2020

Fixed in: 6.4.4


Description:

LibreOffice has a 'stealth mode' in which only documents from locations
deemed 'trusted' are allowed to retrieve remote resources. This mode is
not the default mode, but can be enabled by users who want to disable
LibreOffice's ability to include remote resources within a document. A
flaw existed where remote graphic links loaded from docx documents were
omitted from this protection prior to version 6.4.4.


Credits:

Thanks to Jens Müller of Ruhr University Bochum for discovering and
reporting this problem


References:

    CVE-2020-12802

=========================================================
+ CERT-RENATER        | tel : 01-53-94-20-44            +
+ 23/25 Rue Daviel    | fax : 01-53-94-20-41            +
+ 75013 Paris         | email:cert@support.renater.fr   +
=========================================================