Is CVE-2019-9848 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Document Foundation Libreoffice

CVE-2019-9848

LibreOffice has a feature where documents can specify that pre-installed scripts can be executed on various document events such as mouse-over, etc. LibreOffice is typically also bundled with LibreLogo, a programmable turtle vector graphic…

EPSS: 0.814 (99.2th percentile) — read the EPSS interpretation.

Affected products

Document Foundation Libreoffice — versions unspecified

Public proof-of-concept exploits

References

www.libreoffice.org/about-us/security/advisories/CVE-2019-9848 (x_refsource_CONFIRM)
USN-4063-1 (vendor-advisory, x_refsource_UBUNTU)
FEDORA-2019-5561d20558 (vendor-advisory, x_refsource_FEDORA)
109374 (vdb-entry, x_refsource_BID)
GLSA-201908-13 (vendor-advisory, x_refsource_GENTOO)
20190815 [SECURITY] [DSA 4501-1] libreoffice security update (mailing-list, x_refsource_BUGTRAQ)
FEDORA-2019-2fe22a3a2c (vendor-advisory, x_refsource_FEDORA)
openSUSE-SU-2019:2057 (vendor-advisory, x_refsource_SUSE)
openSUSE-SU-2019:2183 (vendor-advisory, x_refsource_SUSE)
[debian-lts-announce] 20191006 [SECURITY] [DLA 1947-1] libreoffice security update (mailing-list, x_refsource_MLIST)

Frequently asked questions

What is CVE-2019-9848?: CVE-2019-9848 is a vulnerability in Document Foundation Libreoffice. Published 2019-07-17.
Is CVE-2019-9848 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.