Vulnerability in LibreOffice allowing script execution while working with a document

A vulnerability (CVE-2022-3140) has been identified in the free office suite LibreOffice that allows arbitrary scripts to be executed when a user clicks a specially prepared link in a document or when a certain event is triggered while working with a document. The issue is fixed in the LibreOffice 7.3.6 and 7.4.1 updates.

The vulnerability stems from the addition of support for 'vnd.libreoffice.command', an additional macro-calling scheme specific to LibreOffice. This scheme can also be used in URIs used to integrate LibreOffice with MS SharePoint server. An attacker can use such URIs to create links that call any internal macros with arbitrary arguments. When clicked, or when triggered by an event in a document, such links can run scripts without displaying a warning to the user.
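
A defensive check for the link type described above, as an added example that is not from the original article or the LibreOffice project: it scans the XML parts of an ODF package for attribute values that begin with `vnd.libreoffice.command:`. The sample document, the `PLACEHOLDER` URI body, the size cap and the function names are constructed for illustration.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

SCHEME = "vnd.libreoffice.command:"   # scheme named in the advisory
MAX_MEMBER = 20 * 1024 * 1024         # assumed cap; larger members are skipped

def local(qname):  # strip the '{namespace}' prefix ElementTree adds to names
    return qname.rsplit("}", 1)[-1]

def find_command_uris(odf_bytes):
    """Return (member, element, attribute, value) for each attribute using SCHEME."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(odf_bytes)) as pkg:
        for info in pkg.infolist():
            if not info.filename.endswith(".xml") or info.file_size > MAX_MEMBER:
                continue
            data = pkg.read(info)
            try:
                # For untrusted files, a hardened parser (e.g. defusedxml) is safer.
                root = ET.fromstring(data)
            except ET.ParseError:
                if SCHEME.encode() in data.lower():   # malformed part: raw check
                    hits.append((info.filename, "?", "?", "unparsed match"))
                continue
            for elem in root.iter():
                for attr, value in elem.attrib.items():
                    if value.strip().lower().startswith(SCHEME):
                        hits.append((info.filename, local(elem.tag), local(attr), value))
    return hits

def build_sample():
    """Constructed ODT: one ordinary link and one link using the scheme."""
    content = (
        '<office:document-content xmlns:office="urn:oasis:names:tc:opendocument:xmlns:office:1.0" '
        'xmlns:text="urn:oasis:names:tc:opendocument:xmlns:text:1.0" '
        'xmlns:xlink="http://www.w3.org/1999/xlink"><office:body><office:text><text:p>'
        '<text:a xlink:href="https://example.org/">ok</text:a>'
        '<text:a xlink:href="vnd.libreoffice.command:PLACEHOLDER">x</text:a>'
        '</text:p></office:text></office:body></office:document-content>'
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("mimetype", "application/vnd.oasis.opendocument.text")
        z.writestr("content.xml", content)
    return buf.getvalue()

if __name__ == "__main__":
    for hit in find_command_uris(build_sample()):
        print(hit)
```

A hit is a reason to inspect the document before opening it in a LibreOffice version older than 7.3.6 or 7.4.1; the scan looks at link and event attributes alike because it checks every attribute value.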

Source: opennet.ru
