CVE-2023-0950

2023-05-2500:00:00

ubuntu.com

cve-2023-0950

libreoffice

spreadsheet component

validation

array index underflow

arbitrary code execution

malformed formulas

aggregate

security vulnerability

the document foundation

version 7.4.6

version 7.5.1

unix

0.001 Low

EPSS

Percentile

18.7%

JSON

Improper Validation of Array Index vulnerability in the spreadsheet
component of The Document Foundation LibreOffice allows an attacker to
craft a spreadsheet document that will cause an array index underflow when
loaded. In the affected versions of LibreOffice certain malformed
spreadsheet formulas, such as AGGREGATE, could be created with less
parameters passed to the formula interpreter than it expected, leading to
an array index underflow, in which case there is a risk that arbitrary code
could be executed. This issue affects: The Document Foundation LibreOffice
7.4 versions prior to 7.4.6; 7.5 versions prior to 7.5.1.

OSVersionArchitecturePackageVersionFilename
ubuntu20.04noarchlibreoffice< 1:6.4.7-0ubuntu0.20.04.8UNKNOWN
ubuntu22.04noarchlibreoffice< 1:7.3.7-0ubuntu0.22.04.3UNKNOWN
ubuntu22.10noarchlibreoffice< 1:7.4.6-0ubuntu0.22.10.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	20.04	noarch	libreoffice	< 1:6.4.7-0ubuntu0.20.04.8	UNKNOWN
ubuntu	22.04	noarch	libreoffice	< 1:7.3.7-0ubuntu0.22.04.3	UNKNOWN
ubuntu	22.10	noarch	libreoffice	< 1:7.4.6-0ubuntu0.22.10.1	UNKNOWN