CVE-2022-38745
HIGH7.8EPSS 0.13%libreoffice - security update
Published: 3/24/2023Modified: 4/28/2026
Description
Apache OpenOffice versions before 4.1.14 may be configured to add an empty entry to the Java class path. This may lead to run arbitrary Java code from the current directory.
Affected packages (2)
- Debian/libreofficefrom 0, < 1:7.0.4-4+deb11u6
- Debian/libreofficefrom 0, < 1:6.1.5-3+deb10u10
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH7.8 | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |