CVE-2023-6185

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-6185

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-6185.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-6185

Downstream

DEBIAN-CVE-2023-6185

DLA-3703-1

DSA-5574-1

RHSA-2024:1423

RHSA-2024:1425

RHSA-2024:1427

RHSA-2024:1473

RHSA-2024:1480

RHSA-2024:1512

RHSA-2024:1513

RHSA-2024:1514

RHSA-2024:3304

RHSA-2024:3835

SUSE-SU-2023:4932-1

SUSE-SU-2023:4984-1

UBUNTU-CVE-2023-6185

USN-6546-2

Related

Published

2023-12-11T12:15:07Z

Modified

2025-08-09T19:01:28Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Improper Input Validation vulnerability in GStreamer integration of The Document Foundation LibreOffice allows an attacker to execute arbitrary GStreamer plugins.

In affected versions the filename of the embedded video is not sufficiently escaped when passed to GStreamer enabling an attacker to run arbitrary gstreamer plugins depending on what plugins are installed on the target system.

References

Affected packages