Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2018-10583

Severity: 7.5 HIGH
EPSS: 71.9% (top 1.26%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Timeline: Published May 1; latest update May 13

Description

An information disclosure vulnerability occurs when LibreOffice 6.0.3 and Apache OpenOffice Writer 4.1.5 automatically process and initiate an SMB connection embedded in a malicious file, as demonstrated by xlink:href=file://192.168.0.2/test.jpg within an office:document-content element in a .odt XML document.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 3.9 | Impact: 3.6

Affected Packages: 5 packages

Also affects: Debian Linux 7.0, 8.0, 9.0, Ubuntu Linux 14.04, 16.04

🔴 Vulnerability Details (4)

GHSA: GHSA-hc7m-8pgf-jwrh: An information disclosure vulnerability occurs when LibreOffice 6 (2022-05-13)
OSV: libreoffice vulnerabilities (2019-02-06)
OSV: CVE-2018-10583: An information disclosure vulnerability occurs when LibreOffice 6 (2018-05-01)
CVEList: CVE-2018-10583: An information disclosure vulnerability occurs when LibreOffice 6 (2018-05-01)

💥 Exploits & PoCs (1)

Exploit-DB: LibreOffice/Open Office - '.odt' Information Disclosure (2018-05-02)

📋 Vendor Advisories (3)

Ubuntu: LibreOffice vulnerabilities (2019-02-06)
Red Hat: libreoffice: Information disclosure via SMB connection embedded in malicious file (2018-05-01)
Debian: CVE-2018-10583: libreoffice - An information disclosure vulnerability occurs when LibreOffice 6.0.3 and Apache... (2018)

💬 Community (2)

Bugzilla: CVE-2018-10583 libreoffice: Information disclosure via SMB connection embedded in malicious file [fedora-all] (2018-05-04)
Bugzilla: CVE-2018-10583 libreoffice: Information disclosure via SMB connection embedded in malicious file (2018-05-04)