CVE-2023-6185

See a problem?

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-6185

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-6185.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-6185

Related

Published

2023-12-11T12:15:07Z

Modified

2024-09-18T03:24:43.425969Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Improper Input Validation vulnerability in GStreamer integration of The Document Foundation LibreOffice allows an attacker to execute arbitrary GStreamer plugins.

In affected versions the filename of the embedded video is not sufficiently escaped when passed to GStreamer enabling an attacker to run arbitrary gstreamer plugins depending on what plugins are installed on the target system.

References

Affected packages

Debian:11 / libreoffice

Package

Name: libreoffice
Purl: pkg:deb/debian/libreoffice?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:7.0.4-4+deb11u8

Affected versions

1:7.*

1:7.0.4-4

1:7.0.4-4+deb11u1~bpo10+1

1:7.0.4-4+deb11u1

1:7.0.4-4+deb11u2

1:7.0.4-4+deb11u3~bpo10+1

1:7.0.4-4+deb11u3

1:7.0.4-4+deb11u4~bpo10+1

1:7.0.4-4+deb11u4

1:7.0.4-4+deb11u5

1:7.0.4-4+deb11u6

1:7.0.4-4+deb11u7

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / libreoffice

Package

Name: libreoffice
Purl: pkg:deb/debian/libreoffice?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4:7.4.7-1+deb12u1

Affected versions

4:7.*

4:7.4.5-3

4:7.4.7-1~bpo11+1

4:7.4.7-1

4:7.4.7-1+deb12u1~bpo11+1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / libreoffice

Package

Name: libreoffice
Purl: pkg:deb/debian/libreoffice?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4:7.6.3-1

Affected versions

4:7.*

4:7.4.5-3

4:7.4.7-1~bpo11+1

4:7.4.7-1

4:7.5.0~rc2-7

4:7.5.0~rc3-1

4:7.5.1~rc1-1

4:7.5.1~rc2-1

4:7.5.2~rc1-1

4:7.5.2~rc2-1

4:7.5.3~rc1-1

4:7.5.3~rc2-1

4:7.5.4~rc1-1

4:7.5.4~rc1-2

4:7.5.4~rc1-3

4:7.5.4~rc1-4

4:7.5.4~rc2-1

4:7.5.4-1

4:7.5.4-2

4:7.5.4-3

4:7.5.4-4

4:7.5.5~rc1-1

4:7.5.5~rc1-2

4:7.5.5~rc1-3

4:7.5.5~rc1-4

4:7.5.5~rc1-5

4:7.5.5~rc2-1

4:7.5.5-1

4:7.5.5-2

4:7.5.5-3~bpo12+1

4:7.5.5-3

4:7.5.5-4~bpo12+1

4:7.5.5-4

4:7.5.6-1~bpo12+1

4:7.5.6-1

4:7.5.7-1

4:7.5.8~rc1-1

4:7.5.8~rc1-2

4:7.5.8-1~bpo12+1

4:7.5.8-1

4:7.5.9~rc1-1~bpo12+1

4:7.5.9~rc1-1~bpo12+2

4:7.5.9~rc1-1

4:7.6.0~rc1-1

4:7.6.0~rc1-2

4:7.6.0~rc2-1

4:7.6.0~rc2-2

4:7.6.0~rc3-1

4:7.6.1~rc1-1

4:7.6.1~rc2-1

4:7.6.1~rc2-2

4:7.6.2-1

4:7.6.2-2

4:7.6.2-3

4:7.6.2-4

4:7.6.2-5

4:7.6.3~rc1-1

4:7.6.3~rc1-2

4:7.6.3~rc2-1

4:7.6.3~rc2-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}