Researchers:
Intro
In our attempt to fingerprint LibreOffice as a PDF rendering service, we identified multiple implementation vulnerabilities.
This writeup covers our efforts to fingerprint LibreOffice, LibreOffice file detection (and abuse) & misuse of the LibreOffice Python-UNO bridge.
The unintended misuse of the Python-UNO bridge by the popular package unoconv resulted in CVE-2019-17400.
We believe our research here is not final, and encourage others to look into this area.