An information disclosure vulnerability occurs when LibreOffice 6.0.3 and Apache OpenOffice Writer 4.1.5 automatically process and initiate an SMB connection embedded in a malicious file, as demonstrated by xlink:href=file://192.168.0.2/test.jpg within an office:document-content element in a .odt XML document.
https://www.exploit-db.com/exploits/44564/
https://usn.ubuntu.com/3883-1/
https://security-tracker.debian.org/tracker/CVE-2018-10583
https://access.redhat.com/errata/RHSA-2018:3054
http://secureyourit.co.uk/wp/2018/05/01/creating-malicious-odt-files/