← Back

CVE-2023-6185

nvd nist
Published: Dec 11, 2023Modified: Feb 13, 2025

JSON object

Loading...
8.8
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 / Impact: 5.9
Source: NVD

Description

Improper Input Validation vulnerability in GStreamer integration of The Document Foundation LibreOffice allows an attacker to execute arbitrary GStreamer plugins. In affected versions the filename of the embedded video is not sufficiently escaped when passed to GStreamer enabling an attacker to run arbitrary gstreamer plugins depending on what plugins are installed on the target system.

Affected (5)

Libreoffice
1 product
Libreoffice
Fedoraproject
1 product
Fedora
Debian
1 product
Debian Linux
Configuration A
2 vulnerable
Vulnerable SoftwareAffected Versions
Libreoffice
Libreoffice
From 7.5.0 to 7.5.9
Libreoffice
From 7.6.0 to 7.6.3
Configuration B
1 vulnerable
Vulnerable SoftwareAffected Versions
Fedora
Version 38
Configuration C
2 vulnerable
Vulnerable SoftwareAffected Versions
Debian
Debian Linux
Version 11.0
Debian Linux
Version 12.0

References (8)

Source: security@documentfoundation.org
Source: security@documentfoundation.org
Mailing ListThird Party Advisory
Source: security@documentfoundation.org
Third Party Advisory
Source: security@documentfoundation.org
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.