CVE-2022-38745
libreoffice - security update
CVSS 3.1: 7.8 HIGH
EPSS 0.13%
Description
Apache OpenOffice versions before 4.1.14 may be configured to add an empty entry to the Java class path. This may lead to arbitrary Java code being run from the current directory.
How to fix CVE-2022-38745
To remediate CVE-2022-38745, upgrade the affected package to a fixed version below.
- Debian/libreoffice—upgrade to 1:7.0.4-4+deb11u6 or later
- —upgrade to 1:6.1.5-3+deb10u10 or later
Is CVE-2022-38745 being exploited?
Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 1:7.0.4-4+deb11u6
- from 0, < 1:6.1.5-3+deb10u10
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 7.8 | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |