CVE-2023-6185
published 2023-12-11CVE-2023-6185: Improper Input Validation vulnerability in GStreamer integration of The Document Foundation LibreOffice allows an attacker to execute arbitrary GStreamer…
PriorityP258high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
EPSS
1.02%
59.0th percentile
Improper Input Validation vulnerability in GStreamer integration of The Document Foundation LibreOffice allows an attacker to execute arbitrary GStreamer plugins.
In affected versions the filename of the embedded video is not sufficiently escaped when passed to GStreamer enabling an attacker to run arbitrary gstreamer plugins depending on what plugins are installed on the target system.
Affected
15 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | libreoffice | < libreoffice 4:7.4.7-1+deb12u1 (bookworm) | libreoffice 4:7.4.7-1+deb12u1 (bookworm) |
| fedoraproject | fedora | — | — |
| libreoffice | libreoffice | >= 0 < 1:7.0.4-4+deb11u8 | 1:7.0.4-4+deb11u8 |
| libreoffice | libreoffice | >= 0 < 4:7.4.7-1+deb12u1 | 4:7.4.7-1+deb12u1 |
| libreoffice | libreoffice | >= 0 < 4:7.6.3-1 | 4:7.6.3-1 |
| libreoffice | libreoffice | >= 0 < 4:7.6.3-1 | 4:7.6.3-1 |
| libreoffice | libreoffice | >= 0 < 1:6.4.7-0ubuntu0.20.04.9 | 1:6.4.7-0ubuntu0.20.04.9 |
| libreoffice | libreoffice | >= 0 < 1:7.3.7-0ubuntu0.22.04.4 | 1:7.3.7-0ubuntu0.22.04.4 |
| libreoffice | libreoffice | >= 0 < 4:7.6.4-0ubuntu0.23.10.1 | 4:7.6.4-0ubuntu0.23.10.1 |
| libreoffice | libreoffice | >= 7.5.0 < 7.5.9 | 7.5.9 |
| libreoffice | libreoffice | >= 7.6.0 < 7.6.3 | 7.6.3 |
| the_document_foundation | libreoffice | >= 7.5 < 7.5.9 | 7.5.9 |
| the_document_foundation | libreoffice | >= 7.6 < 7.6.3 | 7.6.3 |
Detection & IOCsextracted from sources · hover to see the quote
- →The attack vector involves an embedded video within a document file where the filename is not sufficiently escaped before being passed to GStreamer. Detection should focus on LibreOffice processes spawning unexpected GStreamer plugin child processes. ↗
- →Suspicious LibreOffice documents containing embedded video content should be treated as potentially malicious delivery vehicles for this exploit. Monitor for LibreOffice opening files that trigger GStreamer plugin execution. ↗
- ·Exploitability depends on which GStreamer plugins are installed on the target system; impact varies per host configuration. ↗
- ·The vulnerability is scoped as local exploitation per Debian's security tracker classification. ↗
- ·Red Hat will not fix this in RHEL 8 and RHEL 9 libreoffice:flatpak packages; RHEL 6 is out of support scope. ↗
CVSS provenance
nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
osv8.8HIGH
vendor_debian8.3HIGH
vendor_redhat8.3HIGH
vendor_ubuntu8.3HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Ubuntu
LibreOffice vulnerabilities
vendor_ubuntu·2023-12-14·CVSS 8.3
CVE-2023-6186 [HIGH] LibreOffice vulnerabilities
Title: LibreOffice vulnerabilities
Summary: Several security issues were fixed in LibreOffice.
USN-6546-1 fixed vulnerabilities in LibreOffice. This update provides the
corresponding updates for Ubuntu 20.04 LTS and Ubuntu 22.04 LTS.
Original advisory details:
Reginaldo Silva discovered that LibreOffice incorrectly handled filenames
when passing embedded videos to GStreamer. If a user were tricked into
opening a specially crafted file, a remote attacker could possibly use this
issue to execute arbitrary GStreamer plugins. (CVE-2023-6185)
Reginaldo Silva discovered that LibreOffice incorrectly handled certain
non-typical hyperlinks. If a user were tricked into opening a specially
crafted file, a remote attacker could possibly use this issue to execute
arbitrary scripts. (CVE-2023-6186)
Red Hat
libreoffice: Improper Input Validation leading to arbitrary gstreamer plugin execution
vendor_redhat·2023-12-11·CVSS 8.3
CVE-2023-6185 [HIGH] CWE-250 libreoffice: Improper Input Validation leading to arbitrary gstreamer plugin execution
libreoffice: Improper Input Validation leading to arbitrary gstreamer plugin execution
Improper Input Validation vulnerability in GStreamer integration of The Document Foundation LibreOffice allows an attacker to execute arbitrary GStreamer plugins.
In affected versions the filename of the embedded video is not sufficiently escaped when passed to GStreamer enabling an attacker to run arbitrary gstreamer plugins depending on what plugins are installed on the target system.
An improper input validation vulnerability was found in LibreOffice. In versions where filenames are not sufficiently escaped, an attacker can execute arbitrary GStreamer plugins.
Package: libreoffice (Red Hat Enterprise Linux 6) - Out of support scope
Package: libreoffice:flatpak/libreoffice (Red Hat Enterprise Linux
Ubuntu
LibreOffice vulnerabilities
vendor_ubuntu·2023-12-11·CVSS 8.3
CVE-2023-6186 [HIGH] LibreOffice vulnerabilities
Title: LibreOffice vulnerabilities
Summary: Several security issues were fixed in LibreOffice.
Reginaldo Silva discovered that LibreOffice incorrectly handled filenames
when passing embedded videos to GStreamer. If a user were tricked into
opening a specially crafted file, a remote attacker could possibly use this
issue to execute arbitrary GStreamer plugins. (CVE-2023-6185)
Reginaldo Silva discovered that LibreOffice incorrectly handled certain
non-typical hyperlinks. If a user were tricked into opening a specially
crafted file, a remote attacker could possibly use this issue to execute
arbitrary scripts. (CVE-2023-6186)
Instructions: In general, a standard system update will make all the necessary changes.
Debian
CVE-2023-6185: libreoffice - Improper Input Validation vulnerability in GStreamer integration of The Document...
vendor_debian·2023·CVSS 8.3
CVE-2023-6185 [HIGH] CVE-2023-6185: libreoffice - Improper Input Validation vulnerability in GStreamer integration of The Document...
Improper Input Validation vulnerability in GStreamer integration of The Document Foundation LibreOffice allows an attacker to execute arbitrary GStreamer plugins. In affected versions the filename of the embedded video is not sufficiently escaped when passed to GStreamer enabling an attacker to run arbitrary gstreamer plugins depending on what plugins are installed on the target system.
Scope: local
bookworm: resolved (fixed in 4:7.4.7-1+deb12u1)
bullseye: resolved (fixed in 1:7.0.4-4+deb11u8)
forky: resolved (fixed in 4:7.6.3-1)
sid: resolved (fixed in 4:7.6.3-1)
trixie: resolved (fixed in 4:7.6.3-1)
OSV
libreoffice vulnerabilities
osv·2023-12-14·CVSS 8.8
CVE-2023-6185 [HIGH] libreoffice vulnerabilities
libreoffice vulnerabilities
USN-6546-1 fixed vulnerabilities in LibreOffice. This update provides the
corresponding updates for Ubuntu 20.04 LTS and Ubuntu 22.04 LTS.
Original advisory details:
Reginaldo Silva discovered that LibreOffice incorrectly handled filenames
when passing embedded videos to GStreamer. If a user were tricked into
opening a specially crafted file, a remote attacker could possibly use this
issue to execute arbitrary GStreamer plugins. (CVE-2023-6185)
Reginaldo Silva discovered that LibreOffice incorrectly handled certain
non-typical hyperlinks. If a user were tricked into opening a specially
crafted file, a remote attacker could possibly use this issue to execute
arbitrary scripts. (CVE-2023-6186)
OSV
CVE-2023-6185: Improper Input Validation vulnerability in GStreamer integration of The Document Foundation LibreOffice allows an attacker to execute arbitrary GStrea
osv·2023-12-11·CVSS 8.8
CVE-2023-6185 [HIGH] CVE-2023-6185: Improper Input Validation vulnerability in GStreamer integration of The Document Foundation LibreOffice allows an attacker to execute arbitrary GStrea
Improper Input Validation vulnerability in GStreamer integration of The Document Foundation LibreOffice allows an attacker to execute arbitrary GStreamer plugins. In affected versions the filename of the embedded video is not sufficiently escaped when passed to GStreamer enabling an attacker to run arbitrary gstreamer plugins depending on what plugins are installed on the target system.
OSV
libreoffice vulnerabilities
osv·2023-12-11·CVSS 8.8
CVE-2023-6185 [HIGH] libreoffice vulnerabilities
libreoffice vulnerabilities
Reginaldo Silva discovered that LibreOffice incorrectly handled filenames
when passing embedded videos to GStreamer. If a user were tricked into
opening a specially crafted file, a remote attacker could possibly use this
issue to execute arbitrary GStreamer plugins. (CVE-2023-6185)
Reginaldo Silva discovered that LibreOffice incorrectly handled certain
non-typical hyperlinks. If a user were tricked into opening a specially
crafted file, a remote attacker could possibly use this issue to execute
arbitrary scripts. (CVE-2023-6186)
GHSA
GHSA-58qf-gq3r-xwgx: Improper Input Validation vulnerability in GStreamer integration of The Document Foundation LibreOffice allows an attacker to execute arbitrary GStrea
ghsa_unreviewed·2023-12-11
CVE-2023-6185 [HIGH] GHSA-58qf-gq3r-xwgx: Improper Input Validation vulnerability in GStreamer integration of The Document Foundation LibreOffice allows an attacker to execute arbitrary GStrea
Improper Input Validation vulnerability in GStreamer integration of The Document Foundation LibreOffice allows an attacker to execute arbitrary GStreamer plugins.
In affected versions the filename of the embedded video is not sufficiently escaped when passed to GStreamer enabling an attacker to run arbitrary gstreamer plugins depending on what plugins are installed on the target system.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://lists.debian.org/debian-lts-announce/2023/12/msg00026.htmlhttps://lists.fedoraproject.org/archives/list/[email protected]/message/QB7UB6CTWQUDOE657OVVRSDYUY3IPBJG/https://www.debian.org/security/2023/dsa-5574https://www.libreoffice.org/about-us/security/advisories/cve-2023-6185https://lists.debian.org/debian-lts-announce/2023/12/msg00026.htmlhttps://lists.fedoraproject.org/archives/list/[email protected]/message/QB7UB6CTWQUDOE657OVVRSDYUY3IPBJG/https://www.debian.org/security/2023/dsa-5574https://www.libreoffice.org/about-us/security/advisories/cve-2023-6185
2023-12-11
Published