Improper Input Validation vulnerability in GStreamer integration of The Document Foundation LibreOffice allows an attacker to execute arbitrary GStreamer plugins.
In affected versions the filename of the embedded video is not sufficiently escaped when passed to GStreamer enabling an attacker to run arbitrary gstreamer plugins depending on what plugins are installed on the target system.
References
Link | Resource |
---|---|
https://lists.debian.org/debian-lts-announce/2023/12/msg00026.html | |
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QB7UB6CTWQUDOE657OVVRSDYUY3IPBJG/ | Mailing List Third Party Advisory |
https://www.debian.org/security/2023/dsa-5574 | Third Party Advisory |
https://www.libreoffice.org/about-us/security/advisories/cve-2023-6185 | Vendor Advisory |
https://lists.debian.org/debian-lts-announce/2023/12/msg00026.html | |
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QB7UB6CTWQUDOE657OVVRSDYUY3IPBJG/ | Mailing List Third Party Advisory |
https://www.debian.org/security/2023/dsa-5574 | Third Party Advisory |
https://www.libreoffice.org/about-us/security/advisories/cve-2023-6185 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
History
21 Nov 2024, 08:43
Type | Values Removed | Values Added |
---|---|---|
References | () https://lists.debian.org/debian-lts-announce/2023/12/msg00026.html - | |
References | () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QB7UB6CTWQUDOE657OVVRSDYUY3IPBJG/ - Mailing List, Third Party Advisory | |
References | () https://www.debian.org/security/2023/dsa-5574 - Third Party Advisory | |
References | () https://www.libreoffice.org/about-us/security/advisories/cve-2023-6185 - Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.3 |
31 Dec 2023, 14:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
14 Dec 2023, 13:51
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:* cpe:2.3:a:libreoffice:libreoffice:*:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:* |
|
CWE | NVD-CWE-noinfo | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.8 |
References | () https://www.debian.org/security/2023/dsa-5574 - Third Party Advisory | |
References | () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QB7UB6CTWQUDOE657OVVRSDYUY3IPBJG/ - Mailing List, Third Party Advisory | |
References | () https://www.libreoffice.org/about-us/security/advisories/cve-2023-6185 - Vendor Advisory |
13 Dec 2023, 03:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
12 Dec 2023, 02:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
11 Dec 2023, 12:20
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-12-11 12:15
Updated : 2024-11-21 08:43
NVD link : CVE-2023-6185
Mitre link : CVE-2023-6185
CVE.ORG link : CVE-2023-6185
JSON object : View
Products Affected
debian
- debian_linux
libreoffice
- libreoffice
fedoraproject
- fedora
CWE