{"id":"MGASA-2022-0400","summary":"Updated libreoffice packages fix security vulnerability","details":"LibreOffice supports Office URI Schemes to enable browser integration of\nLibreOffice with MS SharePoint server. An additional scheme\n'vnd.libreoffice.command' specific to LibreOffice was added. In the\naffected versions of LibreOffice links using that scheme could be\nconstructed to call internal macros with arbitrary arguments. Which when\nclicked on, or activated by document events, could result in arbitrary\nscript execution without warning. (CVE-2022-3140)\n","modified":"2026-04-16T00:11:38.723237758Z","published":"2022-10-28T23:32:51Z","upstream":["CVE-2022-3140"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2022-0400.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=30959"},{"type":"ADVISORY","url":"https://www.libreoffice.org/about-us/security/advisories/CVE-2022-3140"},{"type":"WEB","url":"https://www.debian.org/security/2022/dsa-5252"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/TORANVTIWWBH3DNJR4UZATAG67KZOH32/"}],"affected":[{"package":{"name":"libreoffice","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/libreoffice?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"7.3.6.2-1.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2022-0400.json"}},{"package":{"name":"libmwaw","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/libmwaw?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.3.21-1.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2022-0400.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}