Skip to main content

Libreoffice CVE-2023-1183

MEDIUM
Improper Input Validation (CWE-20)
2023-07-10 secalert@redhat.com
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
None

Lifecycle Timeline

1
CVE Published
Jul 10, 2023 - 16:15 nvd
MEDIUM 5.5

DescriptionNVD

A flaw was found in the Libreoffice package. An attacker can craft an odb containing a "database/script" file with a SCRIPT command where the contents of the file could be written to a new file whose location was determined by the attacker.

AnalysisAI

A flaw was found in the Libreoffice package. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Technical ContextAI

This vulnerability is classified under CWE-20. A flaw was found in the Libreoffice package. An attacker can craft an odb containing a "database/script" file with a SCRIPT command where the contents of the file could be written to a new file whose location was determined by the attacker. Affected products include: Libreoffice, Fedoraproject Fedora, Redhat Enterprise Linux.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2019-9851 CRITICAL POC
9.8 Aug 15

LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitra

CVE-2015-5212 MEDIUM
6.8 Nov 10

Integer underflow in LibreOffice before 4.4.5 and Apache OpenOffice before 4.1.2, when the configuration setting "Load p

CVE-2015-5214 MEDIUM
6.8 Nov 10

LibreOffice before 4.4.6 and 5.x before 5.0.1 and Apache OpenOffice before 4.1.2 allows remote attackers to cause a deni

CVE-2018-6871 CRITICAL POC
9.8 Feb 09

LibreOffice before 5.4.5 and 6.x before 6.0.1 allows remote attackers to read arbitrary files via =WEBSERVICE calls in a

CVE-2021-25631 HIGH POC
8.8 May 03

In the LibreOffice 7-1 series in versions prior to 7.1.2, and in the 7-0 series in versions prior to 7.0.5, the denylist

CVE-2012-2334 MEDIUM POC
6.8 Jun 19

Integer overflow in filter/source/msfilter/msdffimp.cxx in OpenOffice.org (OOo) 3.3, 3.4 Beta, and possibly earlier, and

CVE-2018-10583 HIGH POC
7.5 May 01

An information disclosure vulnerability occurs when LibreOffice 6.0.3 and Apache OpenOffice Writer 4.1.5 automatically p

CVE-2014-3524 CRITICAL
9.3 Aug 26

Apache OpenOffice before 4.1.1 allows remote attackers to execute arbitrary commands and possibly have other unspecified

CVE-2015-5213 MEDIUM
6.8 Nov 10

Integer overflow in LibreOffice before 4.4.5 and Apache OpenOffice before 4.1.2 allows remote attackers to cause a denia

CVE-2014-0247 CRITICAL
10.0 Jul 03

LibreOffice 4.2.4 executes unspecified VBA macros automatically, which has unspecified impact and attack vectors, possib

CVE-2012-0037 MEDIUM POC
6.5 Jun 17

Redland Raptor (aka libraptor) before 2.0.7, as used by OpenOffice 3.3 and 3.4 Beta, LibreOffice before 3.4.6 and 3.5.x

CVE-2017-7856 CRITICAL
9.8 Apr 14

LibreOffice before 2017-03-11 has an out-of-bounds write caused by a heap-based buffer overflow in the SVMConverter::Imp

Share

CVE-2023-1183 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy