5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
0.0005 Low
EPSS
Percentile
17.5%
A flaw was found in the Libreoffice package. An attacker can craft an odb containing a “database/script” file with a SCRIPT command where the contents of the file could be written to a new file whose location was determined by the attacker.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 12 | all | hsqldb | < 2.7.1-1+deb12u1 | hsqldb_2.7.1-1+deb12u1_all.deb |
Debian | 11 | all | hsqldb | < 2.5.1-1+deb11u2 | hsqldb_2.5.1-1+deb11u2_all.deb |
Debian | 999 | all | hsqldb | < 2.7.2-1 | hsqldb_2.7.2-1_all.deb |
Debian | 13 | all | hsqldb | < 2.7.2-1 | hsqldb_2.7.2-1_all.deb |
Debian | 12 | all | hsqldb1.8.0 | < 1.8.0.10+dfsg-11+deb12u1 | hsqldb1.8.0_1.8.0.10+dfsg-11+deb12u1_all.deb |
Debian | 11 | all | hsqldb1.8.0 | < 1.8.0.10+dfsg-10+deb11u1 | hsqldb1.8.0_1.8.0.10+dfsg-10+deb11u1_all.deb |
Debian | 999 | all | hsqldb1.8.0 | < 1.8.0.10+dfsg-12 | hsqldb1.8.0_1.8.0.10+dfsg-12_all.deb |
Debian | 13 | all | hsqldb1.8.0 | < 1.8.0.10+dfsg-12 | hsqldb1.8.0_1.8.0.10+dfsg-12_all.deb |