An gano wani rauni (CVE-2022-3140) a cikin ɗakin ofishi na kyauta na LibreOffice, wanda ke ba da damar tsara aiwatar da rubutun sabani lokacin danna hanyar haɗin da aka shirya ta musamman a cikin takaddar ko lokacin da aka haifar da wani taron yayin aiki tare da takarda. An gyara batun a cikin sabuntawar LibreOffice 7.3.6 da 7.4.1.
Rashin lahani yana haifar da ƙarin tallafi don ƙarin tsarin kiran macro 'vnd.libreoffice.command' musamman ga LibreOffice. Hakanan za'a iya amfani da wannan makirci a cikin URIs da ake amfani da su don haɗa LibreOffice tare da uwar garken MS SharePoint. Mai hari zai iya amfani da irin waɗannan URIs don ƙirƙirar hanyoyin haɗin gwiwa waɗanda ke kiran kowane macros na ciki tare da gardama na sabani. Lokacin danna ko kunna ta wani lamari a cikin takaddar, ana iya amfani da irin waɗannan hanyoyin haɗin don gudanar da rubutun ba tare da nuna gargaɗi ga mai amfani ba.
source: budenet.ru