VDB
CNVD-2023-99632
CNVD-2023-99632
PUBLISHED
CVSS 8.300000190734863 HIGH
LibreOffice是文档基金会(The Document Foundation,tdf)的一套开源的办公软件套件。该产品包含Writer(文本文档)、Calc(电子表格)和Impress(演示文稿)等应用程序。 LibreOffice存在授权问题漏洞,该漏洞源于宏权限验证不足,攻击者可利用该漏洞在没有警告的情况下执行内置宏。
Risk Scores
CVSS 3.1
8.300000190734863
CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| The Document Foundation | LibreOffice | 7.5, 7.6 |
Exploit Intelligence
- https://www.libreoffice.org/about-us/security/advisories/cve-2023-6186 (circl)
- https://www.debian.org/security/2023/dsa-5574 (circl)
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QB7UB6CTWQUDOE657OVVRSDYUY3IPBJG/ (circl)
- https://lists.debian.org/debian-lts-announce/2023/12/msg00026.html (circl)
- CIRCL seen: CVE-2023-6186 (circl-sighting)
Timeline
- Dec 11, 2023 CVE Published
- Dec 13, 2023 CVE ID Reserved
- Jan 1, 2024 PoC Published
- May 30, 2026 Distribution Patch
References
- https://www.libreoffice.org/about-us/security/advisories/cve-2023-6186 vendor-advisory
- https://www.debian.org/security/2023/dsa-5574 url
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QB7UB6CTWQUDOE657OVVRSDYUY3IPBJG/ url
- https://lists.debian.org/debian-lts-announce/2023/12/msg00026.html url