{"id":"CVE-2018-16858","details":"LibreOffice before 6.0.7, and 6.1.x before 6.1.3, was vulnerable to a directory traversal attack that could be used to execute arbitrary macros bundled with a document. An attacker could craft a document that, when opened by LibreOffice, would execute a Python method from a script in an arbitrary file system location, specified relative to the LibreOffice install location.","modified":"2026-04-09T06:09:03.853635Z","published":"2019-03-25T18:29:00.463Z","related":["MGASA-2019-0102","SUSE-SU-2019:1448-1","SUSE-SU-2019:1894-1","SUSE-SU-2019:2003-1","openSUSE-SU-2019:1929-1","openSUSE-SU-2024:10983-1"],"references":[{"type":"WEB","url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00059.html"},{"type":"WEB","url":"https://seclists.org/bugtraq/2019/Aug/28"},{"type":"ADVISORY","url":"https://www.libreoffice.org/about-us/security/advisories/cve-2018-16858/"},{"type":"ADVISORY","url":"http://www.rapid7.com/db/modules/exploit/multi/fileformat/libreoffice_macro_exec"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2019:2130"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16858"},{"type":"EVIDENCE","url":"http://packetstormsecurity.com/files/152560/LibreOffice-Macro-Code-Execution.html"},{"type":"EVIDENCE","url":"https://www.exploit-db.com/exploits/46727/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/libreoffice/core","events":[{"introduced":"0"},{"fixed":"da2c4acc4e2e51252d2ef1751bc77966be32ec80"},{"introduced":"0"},{"fixed":"15411734fb5201c821167bc19984e3ff06467983"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"6.0.7"},{"introduced":"6.1.0"},{"fixed":"6.1.3"}]}}],"versions":["MELD_LIBREOFFICE_REPOS","cib-6.1-1","cib-6.1-2","cp-6.0-1","cp-6.0-2","cp-6.0-3","cp-6.0-5","cp-6.0-6","cp-6.0-branch-point","gpg4libre-review-5.4.99","libreoffice-3-5-branch-point","libreoffice-3-6-branch-point","libreoffice-3.5.0.0","libreoffice-4-0
-branch-point","libreoffice-4-1-branch-point","libreoffice-4-2-branch-point","libreoffice-4-2-milestone-1","libreoffice-4-3-branch-point","libreoffice-4-4-branch-point","libreoffice-5-0-branch-point","libreoffice-5-1-branch-point","libreoffice-5-2-branch-point","libreoffice-5-3-branch-point","libreoffice-5-4-branch-point","libreoffice-6-0-branch-point","libreoffice-6-1-branch-point","sdremote-2.0.0","windows_build_successful_2011_11_08"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-16858.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}