Date: prev next · Thread: first prev next last
2022 Archives by date, by thread · List index




---------- Forwarded message ---------
From: Caolán McNamara <>
Date: 2022年10月11日(火) 22:18
Subject: [tdf-discuss] security related information, CVE-2022-3140
To: <>

tl;dr: Upgrade to 7.3.6 or 7.4.1

CVE-2022-3140: Macro URL arbitrary script execution

LibreOffice supports Office URI Schemes to enable browser integration
of LibreOffice with MS SharePoint server. An additional scheme
'vnd.libreoffice.command' specific to LibreOffice was added. In the
affected versions of LibreOffice links using that scheme could be
constructed to call internal macros with arbitrary arguments. Which
when clicked on, or activated by document events, could result in
arbitrary script execution without warning.

To unsubscribe e-mail to:
Posting guidelines + more:
List archive:
Privacy Policy:

Unsubscribe instructions: E-mail to
Posting guidelines + more:
List archive:
Privacy Policy:


Privacy Policy | Impressum (Legal Info) | Copyright information: Unless otherwise specified, all text and images on this website are licensed under the Creative Commons Attribution-Share Alike 3.0 License. This does not include the source code of LibreOffice, which is licensed under the Mozilla Public License (MPLv2). "LibreOffice" and "The Document Foundation" are registered trademarks of their corresponding registered owners or are in actual use as trademarks in one or more countries. Their respective logos and icons are also subject to international copyright laws. Use thereof is explained in our trademark policy.