libreoffice is vulnerable to Execution with Unnecessary Privileges. The vulnerability is due to there is no sanitization or escaping for the filename of an embedded video when it is passed to GStreamer. This flaw allows an attacker to execute arbitrary GStreamer plugins.
lists.debian.org/debian-lts-announce/2023/12/msg00026.html
lists.fedoraproject.org/archives/list/[email protected]/message/QB7UB6CTWQUDOE657OVVRSDYUY3IPBJG/
security-tracker.debian.org/tracker/CVE-2023-6185
www.debian.org/security/2023/dsa-5574
www.libreoffice.org/about-us/security/advisories/cve-2023-6185