CVE-2021-44228
Title: Apache Log4j Remote Code Execution Vulnerability
Announced: December 16, 2021
Fixed in: N/A
Description:
LibreOffice does not contain a copy of Log4j so it does not bundle an affected version of Log4j, and LibreOffice does not have a direct dependency on Log4j.
In versions of LibreOffice prior to 7.2 the report building/reporting part of the database application may do some logging via
apache-commons-logging and/or jcommon-logging and it is then maybe possible that if the system has Log4j installed that this logging can be rerouted though Log4j. In any case this scenario requires a vulnerable Log4j to be installed by something/someone else and such a third-party-provided vulnerable Log4j should be replaced anyway as a matter of course.
References:
CVE-2021-44228
Follow Us