Lucene search

K
osvGoogleOSV:RLSA-2024:1514
HistoryMar 27, 2024 - 4:34 a.m.

Important: libreoffice security fix update

2024-03-2704:34:32
Google
osv.dev
12
libreoffice
community-developed
office suite
productivity
security fix
input validation
gstreamer plugin execution
cve-2023-6185
macro permission validation
cve-2023-6186

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.3

Confidence

High

EPSS

0.001

Percentile

28.5%

LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and extended office suite.

Security Fix(es):

  • libreoffice: Improper Input Validation leading to arbitrary gstreamer plugin execution (CVE-2023-6185)

  • libreoffice: Insufficient macro permission validation leading to macro execution (CVE-2023-6186)

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.3

Confidence

High

EPSS

0.001

Percentile

28.5%