cbcvebase.
CVE-2023-0950
published 2023-05-25

CVE-2023-0950: Improper Validation of Array Index vulnerability in the spreadsheet component of The Document Foundation LibreOffice allows an attacker to craft a spreadsheet…

PriorityP339high7.8CVSS 3.1
AVLACLPRNUIRSUCHIHAH
EPSS
0.30%
21.6th percentile
Improper Validation of Array Index vulnerability in the spreadsheet component of The Document Foundation LibreOffice allows an attacker to craft a spreadsheet document that will cause an array index underflow when loaded. In the affected versions of LibreOffice certain malformed spreadsheet formulas, such as AGGREGATE, could be created with less parameters passed to the formula interpreter than it expected, leading to an array index underflow, in which case there is a risk that arbitrary code could be executed. This issue affects: The Document Foundation LibreOffice 7.4 versions prior to 7.4.6; 7.5 versions prior to 7.5.1.

Affected

12 ranges
VendorProductVersion rangeFixed in
debiandebian_linux
debianlibreoffice< libreoffice 4:7.4.5-3 (bookworm)libreoffice 4:7.4.5-3 (bookworm)
libreofficelibreoffice>= 0 < 1:7.0.4-4+deb11u71:7.0.4-4+deb11u7
libreofficelibreoffice>= 0 < 4:7.4.5-34:7.4.5-3
libreofficelibreoffice>= 0 < 4:7.4.5-34:7.4.5-3
libreofficelibreoffice>= 0 < 4:7.4.5-34:7.4.5-3
libreofficelibreoffice>= 0 < 1:6.4.7-0ubuntu0.20.04.81:6.4.7-0ubuntu0.20.04.8
libreofficelibreoffice>= 0 < 1:7.3.7-0ubuntu0.22.04.31:7.3.7-0ubuntu0.22.04.3
libreofficelibreoffice>= 7.4.0 < 7.4.67.4.6
libreofficelibreoffice>= 7.5.0 < 7.5.27.5.2
the_document_foundationlibreoffice>= 7.4 < 7.4.67.4.6
the_document_foundationlibreoffice>= 7.5 < 7.5.17.5.1

CVSS provenance

nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
osv7.8HIGH
vendor_debian7.8HIGH
vendor_redhat7.8HIGH
vendor_ubuntu7.8HIGH
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.