CVE-2023-6185

Improper Input Validation vulnerability in GStreamer integration of The Document Foundation LibreOffice allows an attacker to execute arbitrary GStreamer plugins. In affected versions the filename of the embedded video is not sufficiently escaped when passed to GStreamer enabling an attacker to run arbitrary gstreamer plugins depending on what plugins are installed on the target system.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:libreoffice:libreoffice:*:*:*:*:*:*:*:*
cpe:2.3:a:libreoffice:libreoffice:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*

History

21 Nov 2024, 08:43

Type Values Removed Values Added
References () https://lists.debian.org/debian-lts-announce/2023/12/msg00026.html - () https://lists.debian.org/debian-lts-announce/2023/12/msg00026.html -
References () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QB7UB6CTWQUDOE657OVVRSDYUY3IPBJG/ - Mailing List, Third Party Advisory () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QB7UB6CTWQUDOE657OVVRSDYUY3IPBJG/ - Mailing List, Third Party Advisory
References () https://www.debian.org/security/2023/dsa-5574 - Third Party Advisory () https://www.debian.org/security/2023/dsa-5574 - Third Party Advisory
References () https://www.libreoffice.org/about-us/security/advisories/cve-2023-6185 - Vendor Advisory () https://www.libreoffice.org/about-us/security/advisories/cve-2023-6185 - Vendor Advisory
CVSS v2 : unknown
v3 : 8.8
v2 : unknown
v3 : 8.3

31 Dec 2023, 14:15

Type Values Removed Values Added
References
  • () https://lists.debian.org/debian-lts-announce/2023/12/msg00026.html -

14 Dec 2023, 13:51

Type Values Removed Values Added
CPE cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*
cpe:2.3:a:libreoffice:libreoffice:*:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
CWE NVD-CWE-noinfo
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 8.8
References () https://www.debian.org/security/2023/dsa-5574 - () https://www.debian.org/security/2023/dsa-5574 - Third Party Advisory
References () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QB7UB6CTWQUDOE657OVVRSDYUY3IPBJG/ - () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QB7UB6CTWQUDOE657OVVRSDYUY3IPBJG/ - Mailing List, Third Party Advisory
References () https://www.libreoffice.org/about-us/security/advisories/cve-2023-6185 - () https://www.libreoffice.org/about-us/security/advisories/cve-2023-6185 - Vendor Advisory

13 Dec 2023, 03:15

Type Values Removed Values Added
References
  • () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QB7UB6CTWQUDOE657OVVRSDYUY3IPBJG/ -

12 Dec 2023, 02:15

Type Values Removed Values Added
References
  • () https://www.debian.org/security/2023/dsa-5574 -

11 Dec 2023, 12:20

Type Values Removed Values Added
New CVE

Information

Published : 2023-12-11 12:15

Updated : 2024-11-21 08:43


NVD link : CVE-2023-6185

Mitre link : CVE-2023-6185

CVE.ORG link : CVE-2023-6185


JSON object : View

Products Affected

debian

  • debian_linux

libreoffice

  • libreoffice

fedoraproject

  • fedora