Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntuUbuntuUSN-6144-1
HistoryJun 07, 2023 - 12:00 a.m.

LibreOffice vulnerabilities

2023-06-0700:00:00
ubuntu.com
28
libreoffice
vulnerabilities
array index underflow
iframe
ubuntu 22.04 lts
ubuntu 20.04 lts
information disclosure
arbitrary code
spreadsheet file
input file
cve-2023-0950
cve-2023-2255

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.1 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

34.2%

JSON

Releases

  • Ubuntu 22.04 LTS
  • Ubuntu 20.04 LTS

Packages

  • libreoffice - Office productivity suite

Details

It was discovered that LibreOffice did not properly validate the number of
parameters passed to the formula interpreter, leading to an array index
underflow attack. If a user were tricked into opening a specially crafted
spreadsheet file, an attacker could possibly use this issue to execute
arbitrary code. (CVE-2023-0950)

Amel Bouziane-Leblond discovered that LibreOffice did not prompt the user
before loading the host document inside an IFrame. If a user were tricked
into opening a specially crafted input file, an attacker could possibly use
this issue to cause information disclosure or execute arbitrary code.
(CVE-2023-2255)

OSVersionArchitecturePackageVersionFilename
Ubuntu22.04noarchlibreoffice< 1:7.3.7-0ubuntu0.22.04.3UNKNOWN
Ubuntu22.04noarchfonts-opensymbol< 2:102.12+LibO7.3.7-0ubuntu0.22.04.3UNKNOWN
Ubuntu22.04noarchgir1.2-lokdocview-0.1< 1:7.3.7-0ubuntu0.22.04.3UNKNOWN
Ubuntu22.04noarchlibjuh-java< 1:7.3.7-0ubuntu0.22.04.3UNKNOWN
Ubuntu22.04noarchlibjurt-java< 1:7.3.7-0ubuntu0.22.04.3UNKNOWN
Ubuntu22.04noarchliblibreoffice-java< 1:7.3.7-0ubuntu0.22.04.3UNKNOWN
Ubuntu22.04noarchliblibreofficekitgtk< 1:7.3.7-0ubuntu0.22.04.3UNKNOWN
Ubuntu22.04noarchliblibreofficekitgtk-dbgsym< 1:7.3.7-0ubuntu0.22.04.3UNKNOWN
Ubuntu22.04noarchlibofficebean-java< 1:7.3.7-0ubuntu0.22.04.3UNKNOWN
Ubuntu22.04noarchlibofficebean-java-dbgsym< 1:7.3.7-0ubuntu0.22.04.3UNKNOWN
Rows per page:
1-10 of 5101

Related

osv 5
openvas 5
kaspersky 1
debian 2
gentoo 1
nessus 20
redos 1
mageia 1
almalinux 2
redhat 2
oraclelinux 2
githubexploit 2
cve 2
debiancve 2
prion 2
veracode 2
redhatcve 2
nvd 2
ubuntucve 2
cvelist 2
osv
osv
libreoffice vulnerabilities
2023-06-07 05:13:10
libreoffice - security update
2023-05-28 00:00:00
libreoffice - security update
2023-08-13 00:00:00
openvas
openvas
Debian: Security Advisory (DSA-5415-1)
2023-05-29 00:00:00
SUSE: Security Advisory (SUSE-SU-2024:0075-1)
2024-01-11 00:00:00
Mageia: Security Advisory (MGASA-2023-0194)
2023-06-09 00:00:00
kaspersky
kaspersky
KLA49330 Multiple vulnerabilities in LibreOffice
2023-05-24 00:00:00
debian
debian
[SECURITY] [DSA 5415-1] libreoffice security update
2023-05-28 15:25:12
[SECURITY] [DLA 3526-1] libreoffice security update
2023-08-13 16:32:01
gentoo
gentoo
LibreOffice: Multiple Vulnerabilities
2023-11-26 00:00:00
nessus
nessus
SUSE SLED12 / SLES12 Security Update : LibreOffice (SUSE-SU-2024:0075-1)
2024-01-11 00:00:00
Debian DSA-5415-1 : libreoffice - security update
2023-05-28 00:00:00
GLSA-202311-15 : LibreOffice: Multiple Vulnerabilities
2023-11-26 00:00:00
redos
redos
ROS-20230830-01
2023-08-30 00:00:00
mageia
mageia
Updated libreoffice packages fix security vulnerability
2023-06-08 22:34:59
almalinux
almalinux
Moderate: libreoffice security update
2023-11-14 00:00:00
Moderate: libreoffice security update
2023-11-07 00:00:00
redhat
redhat
(RHSA-2023:6933) Moderate: libreoffice security update
2023-11-14 08:40:48
(RHSA-2023:6508) Moderate: libreoffice security update
2023-11-07 06:07:28
oraclelinux
oraclelinux
libreoffice security update
2023-11-17 00:00:00
libreoffice security update
2023-11-11 00:00:00
githubexploit
githubexploit
Exploit for CVE-2023-2255
2023-07-10 20:54:56
Exploit for CVE-2023-2255
2024-04-27 11:21:11
cve
cve
CVE-2023-2255
2023-05-25 20:15:09
CVE-2023-0950
2023-05-25 20:15:09
debiancve
debiancve
CVE-2023-0950
2023-05-25 20:15:09
CVE-2023-2255
2023-05-25 20:15:09
prion
prion
Input validation
2023-05-25 20:15:00
Improper access control
2023-05-25 20:15:00
veracode
veracode
Authorization Bypass
2023-08-07 01:27:44
Improper Validation
2023-08-06 20:17:06
redhatcve
redhatcve
CVE-2023-0950
2023-05-26 20:40:43
CVE-2023-2255
2023-05-26 20:40:53
nvd
nvd
CVE-2023-0950
2023-05-25 20:15:09
CVE-2023-2255
2023-05-25 20:15:09
ubuntucve
ubuntucve
CVE-2023-0950
2023-05-25 00:00:00
CVE-2023-2255
2023-05-25 00:00:00
cvelist
cvelist
CVE-2023-0950 Array Index UnderFlow in Calc Formula Parsing
2023-05-25 00:00:00
CVE-2023-2255 Remote documents loaded without prompt via IFrame
2023-05-25 00:00:00

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.1 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

34.2%

JSON
Related for USN-6144-1
osv5openvas5kaspersky1debian2gentoo1nessus20redos1mageia1almalinux2redhat2oraclelinux2githubexploit2cve2debiancve2prion2veracode2redhatcve2nvd2ubuntucve2cvelist2