How severe is CVE-2019-9853?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.8 out of 10.

What type of vulnerability is CVE-2019-9853?

This is classified as CWE-116, which is a common weakness in software security.

CVE-2019-9853 - HIGH Severity | CVSS 7.8

Vulnerability Description

LibreOffice documents can contain macros. The execution of those macros is controlled by the document security settings, typically execution of macros are blocked by default. A URL decoding flaw existed in how the urls to the macros within the document were processed and categorized, resulting in the possibility to construct a document where macro execution bypassed the security settings. The documents were correctly detected as containing macros, and prompted the user to their existence within the documents, but macros within the document were subsequently not controlled by the security settings allowing arbitrary macro execution This issue affects: LibreOffice 6.2 series versions prior to 6.2.7; LibreOffice 6.3 series versions prior to 6.3.1.

Related Vulnerabilities

CVE-2016-2568

HIGH

CVSS:7.8(High)

pkexec, when used with --user nonpriv, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.

CWE-1162016

CVE-2019-9852

HIGH

CVSS:7.8(High)

LibreOffice has a feature where documents can specify that pre-installed macros can be executed on various script events such as mouse-over, document-open etc. Access is intended to be restricted to s...

CWE-1162019

CVE-2020-16281

HIGH

CVSS:7.8(High)

The Kommbox component in Rangee GmbH RangeeOS 8.0.4 could allow a local authenticated attacker to escape from the restricted environment and execute arbitrary code due to unrestricted context menus be...

CWE-1162020

CVE-2022-41322

HIGH

CVSS:7.8(High)

In Kitty before 0.26.2, insufficient validation in the desktop notification escape sequence can lead to arbitrary code execution. The user must display attacker-controlled content in the terminal, the...

CWE-1162022

CVE-2022-48339

HIGH

CVSS:7.8(High)

An issue was discovered in GNU Emacs through 28.2. htmlfontify.el has a command injection vulnerability. In the hfy-istext-command function, the parameter file and parameter srcdir come from external ...

CWE-1162022

CVE-2023-26279

HIGH

CVSS:7.8(High)

IBM QRadar WinCollect Agent 10.0 through 10.1.7 could allow a local user to perform unauthorized actions due to improper encoding. IBM X-Force ID: 248160.

CWE-1162023