LibreOffice versions 7.4.1, 7.3.6 and earlier are vulnerable. Update LibreOffice as soon as possible. In addition to the LibreOffice vulnerability this issue also affects the following products: Microsoft SharePoint Server 2016 Microsoft SharePoint Server 2013 Microsoft SharePoint Server 2010 Microsoft SharePoint Server 2007 Microsoft SharePoint Server 2010 Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint Versions 2007 and 2010 Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint Versions 2003 and 2007 Changelogs: LibreOffice 7.4.1 released.
Some users reported unexpected quit of LibreOffice when they tried to open documents created with version prior to 7.4. Exploitation of this issue could lead to execution of arbitrary code with the privileges of the user. LibreOffice users are advised to update to the latest version as soon as possible, preferably before LibreOffice begins its summer release cycle. -

Microsoft SharePoint Server 2016

Microsoft SharePoint Server 2016 is affected by this issue. Customers are advised to update their installations to the latest version as soon as possible.

LibreOffice vulnerability summary

The LibreOffice vulnerability is a memory corruption issue in LibreOffice. If exploited, this issue could allow for the execution of arbitrary code with the privileges of the user.

LibreOffice 7.3.6 released

On Thursday, June 21, 2019, LibreOffice released new versions 7.3.6 and 7.4.1 which address CVE-2022-3140.
Both LibreOffice releases are available for download from https://www.libreoffice.org/download/ .

Timeline

Published on: 10/11/2022 21:15:00 UTC
Last modified on: 11/07/2022 14:44:00 UTC

References