Vulnerabilities > CVE-2023-6185

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

libreoffice

fedoraproject

debian

NVD

Published: 2023-12-11

Updated: 2023-12-31

Summary

Improper Input Validation vulnerability in GStreamer integration of The Document Foundation LibreOffice allows an attacker to execute arbitrary GStreamer plugins. In affected versions the filename of the embedded video is not sufficiently escaped when passed to GStreamer enabling an attacker to run arbitrary gstreamer plugins depending on what plugins are installed on the target system.

Vulnerable Configurations

Part	Description	Count
Application	Libreoffice Libreoffice Libreoffice * Libreoffice Libreoffice 7.5.0 Libreoffice Libreoffice 7.5.1 Libreoffice Libreoffice 7.5.2 Libreoffice Libreoffice 7.5.3	5
OS	Fedoraproject Fedoraproject Fedora 38	1
OS	Debian Debian Debian Linux 11.0 Debian Debian Linux 12.0	2

Vulnerabilities > CVE-2023-6185 {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"CVE-2023-6185"}]}

Summary

Vulnerable Configurations

References

Vulnerabilities > CVE-2023-6185