Fixed in: LibreOffice 7.2.6/7.3.1

Description: Most versions of LibreOffice support and contain components written in Java. LibreOffice extends the existing Java class path with its own internal classes. In the affected versions of LibreOffice, if the existing class path was empty, then when Java class files are loaded, the current working directory is searched for valid classes before using the embedded versions. If an attacker sends a zip file containing a class file alongside a document then, depending on the file manager or other tool used to open the zip file, on navigating to the document and launching LibreOffice to open it, the current working directory of LibreOffice may be the directory in which the class file exists, in which case there is a risk that the arbitrary code of the class file could be executed. In versions >= 7.2.6 (and >= 7.3.1) such unwanted empty paths are not appended to the classpath.

References: https://www.libreoffice.org/about-us/security/advisories/cve-2022-38745/
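The class-path handling described above, as an added example that is not LibreOffice's own code: a simplified model of extending an existing class path with internal entries, with the unconditional join beside a version that drops empty elements. The function names, the ':' separator and the /opt/example paths are assumptions made for illustration.

```cpp
#include <initializer_list>
#include <iostream>
#include <string>
#include <vector>

constexpr char kSep = ':';  // path-list separator on Unix-like systems (assumed)

// Split on the separator, keeping empty elements so they can be detected.
std::vector<std::string> splitClassPath(const std::string& cp) {
    std::vector<std::string> out;
    std::size_t start = 0;
    for (;;) {
        std::size_t pos = cp.find(kSep, start);
        if (pos == std::string::npos) { out.push_back(cp.substr(start)); break; }
        out.push_back(cp.substr(start, pos - start));
        start = pos + 1;
    }
    return out;
}

// Unconditional join: an empty existing class path contributes an empty
// leading element, which the JVM resolves as the current working directory.
std::string extendNaive(const std::string& existing, const std::string& internal) {
    return existing + kSep + internal;
}

// Hardened join: empty elements are never carried into the result.
std::string extendSafe(const std::string& existing, const std::string& internal) {
    std::string result;
    for (const std::string& cp : {existing, internal})
        for (const std::string& e : splitClassPath(cp)) {
            if (e.empty()) continue;
            if (!result.empty()) result += kSep;
            result += e;
        }
    return result;
}

// Audit helper: true if any element would be read as the working directory.
bool hasEmptyElement(const std::string& cp) {
    for (const std::string& e : splitClassPath(cp))
        if (e.empty()) return true;
    return false;
}

int main() {
    const std::string internal = "/opt/example/classes.jar";  // constructed sample
    std::cout << "naive: " << extendNaive("", internal) << '\n'
              << "safe:  " << extendSafe("", internal) << '\n';
}
```

hasEmptyElement can also be run over a CLASSPATH value taken from a launcher script or environment to flag leading, trailing or doubled separators.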
Created libreoffice tracking bugs for this issue: Affects: fedora-all [bug 2182045]
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2023:6508 https://access.redhat.com/errata/RHSA-2023:6508
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2023:6933 https://access.redhat.com/errata/RHSA-2023:6933