VDB
CNVD-2023-99633
CNVD-2023-99633
PUBLISHED
CVSS 8.300000190734863 HIGH
LibreOffice是文档基金会(The Document Foundation,tdf)的一套开源的办公软件套件。该产品包含Writer(文本文档)、Calc(电子表格)和Impress(演示文稿)等应用程序。 LibreOffice存在输入验证错误漏洞,该漏洞源于存在不正确的输入验证,攻击者可利用该漏洞能够根据目标系统上安装的插件运行任意gstreamer插件。
Risk Scores
CVSS 3.1
8.300000190734863
CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| The Document Foundation | LibreOffice | 7.5, 7.6 |
Exploit Intelligence
- CIRCL seen: CVE-2023-6185 (circl-sighting)
- https://www.libreoffice.org/about-us/security/advisories/cve-2023-6185 (circl)
- https://www.debian.org/security/2023/dsa-5574 (circl)
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QB7UB6CTWQUDOE657OVVRSDYUY3IPBJG/ (circl)
- https://lists.debian.org/debian-lts-announce/2023/12/msg00026.html (circl)
Timeline
- Dec 11, 2023 CVE Published
- Jan 1, 2024 PoC Published
- May 30, 2026 Distribution Patch
References
- https://www.libreoffice.org/about-us/security/advisories/cve-2023-6185 vendor-advisory
- https://www.debian.org/security/2023/dsa-5574 url
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QB7UB6CTWQUDOE657OVVRSDYUY3IPBJG/ url
- https://lists.debian.org/debian-lts-announce/2023/12/msg00026.html url