CVE-2020-12802
remote graphics contained in docx format retrieved in 'stealth mode'
LibreOffice has a 'stealth mode' in which only documents from locations deemed 'trusted' are allowed to retrieve remote resources. This mode is not the default mode, but can be enabled by users who want to disable LibreOffice's ability to include remote resources within a document. A flaw existed where remote graphic links loaded from docx documents were omitted from this protection prior to version 6.4.4. This issue affects: The Document Foundation LibreOffice versions prior to 6.4.4.
We have discovered 2,325 live websites that are affected by CVE-2020-12802.
Affected Software
| Product | |
| Category | Content Management System |
| Vulnerable Versions |
|
| Total Vulnerable Versions | 195 |
| Vulnerable Domains | 2,325 live websites (68.93% of LibreOffice install base) |
Details
- Published - Jun 8, 2020
- Updated - Dec 31, 2023
CWE
CVE References
CWE References
Countries
 United States | 418 websites |
 Germany | 754 websites |
 France | 155 websites |
 Italy | 104 websites |
 GB | 79 websites |
 Czech Republic | 55 websites |
 Netherlands | 55 websites |
 Poland | 54 websites |
 Denmark | 52 websites |
 Russia | 45 websites |
TLDs
| .de | 597 websites |
| .com | 539 websites |
| .org | 167 websites |
| .net | 118 websites |
| .fr | 74 websites |
| .it | 65 websites |
| .dk | 46 websites |
| .nl | 42 websites |
| .co.uk | 41 websites |
| .info | 40 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redReferences
- https://www.libreoffice.org/about-us/security/advisories/CVE-2020-12802
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PQIBAKXD7VO5IGBD7ZMH3GGBNR5R2IOA/
- http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00042.html
- http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00058.html
- https://lists.debian.org/debian-lts-announce/2023/12/msg00026.html
Websites affected by CVE-2020-12802
Top websites that are affected by CVE-2020-12802. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ***.*****.bg |  Bulgaria | ***,*** | |
| **************.*******.de | Germany | ***,*** | |
| *************.com | Germany | ***,*** | |
| *****************.de | Germany | ***,*** | |
| ********.com | United States | ***,*** | |
| ******.cz | Czech Republic | ***,*** | |
| ***.****.br |  Brazil | ***,*** | |
| ******.*******.de | Germany | ***,*** | |
| *****************.cz | Czech Republic | ***,*** | |
| *********.com |  Canada | ***,*** |