Vigil@nce - LibreOffice Impress: information disclosure via Background Image
May 2016 by Vigil@nce
This bulletin was written by Vigil@nce : https://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can open an ODP document of LibreOffice Impress, in
order to see a deleted image.
– Impacted products: Fedora, LibreOffice.
– Severity: 1/4.
– Creation date: 09/05/2016.
DESCRIPTION OF THE VULNERABILITY
The LibreOffice Impress product allows users to set an image as
the background of slides.
However, even if this image is deleted, it stays in the ODP
document.
An attacker can therefore open an ODP document of LibreOffice
Impress, in order to see a deleted image.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN