Title: CVE-2018-10583 Information disclosure via SMB link embedded in ODF document

Announced: May 24, 2018

Addressed in: LibreOffice 5.4.7/6.0.4


A LibreOffice document with a linked image, which is on a samba share, will cause LibreOffice to automatically initiate a samba connection to retrieve the image. This is analogous to how opening HTML documents which contain links to images on remote web sites are automatically fetched by web browsers.

Since LibreOffice 5.4.7, and 6.0.4 in the 6.X series, end users or administrators can disable this functionality to automatically fetch such linked images via "tools->options->security->options->block any links from documents not among the trusted locations"