CVE-2023-6185 — Execution with Unnecessary Privileges in Document Foundation LibreOffice
Severity
NVD: 8.8 HIGH
CNA: 8.3
EPSS
1.2% (top 20.95%)
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Dec 11
Latest update: Dec 14
Description
Improper Input Validation vulnerability in GStreamer integration of The Document Foundation LibreOffice allows an attacker to execute arbitrary GStreamer plugins.
In affected versions, the filename of the embedded video is not sufficiently escaped when passed to GStreamer, enabling an attacker to run arbitrary GStreamer plugins, depending on which plugins are installed on the target system.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9
Affected Packages: 4 packages
Also affects: Debian Linux 11.0, 12.0, Fedora 38
Vulnerability Details (5)
OSV
CVE-2023-6185: Improper Input Validation vulnerability in GStreamer integration of The Document Foundation LibreOffice allows an attacker to execute arbitrary GStrea... (2023-12-11)
GHSA
GHSA-58qf-gq3r-xwgx: Improper Input Validation vulnerability in GStreamer integration of The Document Foundation LibreOffice allows an attacker to execute arbitrary GStrea... (2023-12-11)
Vendor Advisories (4)
Red Hat
Debian
CVE-2023-6185: libreoffice - Improper Input Validation vulnerability in GStreamer integration of The Document... (2023)