GoogleOSV:ALSA-2023:6508Moderate: libreoffice security update
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
45.2%
LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and extended office suite.
Security Fix(es):
- libreoffice: Empty entry in Java class path (CVE-2022-38745)
- libreoffice: Array index underflow in Calc formula parsing (CVE-2023-0950)
- libreoffice: Arbitrary file write (CVE-2023-1183)
- libreoffice: Remote documents loaded without prompt via IFrame (CVE-2023-2255)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.
References
access.redhat.com/errata/RHSA-2023:6508
access.redhat.com/security/cve/CVE-2022-38745
access.redhat.com/security/cve/CVE-2023-0950
access.redhat.com/security/cve/CVE-2023-1183
access.redhat.com/security/cve/CVE-2023-2255
bugzilla.redhat.com/2182044
bugzilla.redhat.com/2208506
bugzilla.redhat.com/2210185
bugzilla.redhat.com/2210186
errata.almalinux.org/9/ALSA-2023-6508.html
Related
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
45.2%