The host is installed with LibreOffice 7.4.x before 7.4.6 or 7.5.x before 7.5.1 or Apache OpenOffice before 4.1.15 and is prone to an arbitrary file write vulnerability. A flaw is present in the application, which fails to properly handle issues in hsqldb. Successful exploitation could allows an attacker to craft an odb containing a "database/script" file which itself contained a SCRIPT command where the contents of the file could be writen to a new file whose location was determined by the attacker.