CVE-2023-2255

Description

Improper access control in editor components of The Document Foundation LibreOffice allowed an attacker to craft a document that would cause external links to be loaded without prompt. In the affected versions of LibreOffice documents that used "floating frames" linked to external files, would load the contents of those frames without prompting the user for permission to do so. This was inconsistent with the treatment of other linked content in LibreOffice. This issue affects: The Document Foundation LibreOffice 7.4 versions prior to 7.4.7; 7.5 versions prior to 7.5.3.

How to fix CVE-2023-2255

To remediate CVE-2023-2255, upgrade the affected package to a fixed version below.

—upgrade to 1:7.0.4-4+deb11u7 or later

Is CVE-2023-2255 being exploited?

Moderate — EPSS is 43.6%. Track this CVE but it's not at the top of the prioritisation list.

Affected packages (1)

from 0, < 1:7.0.4-4+deb11u7

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

References (1)

ADVISORYsecurity-tracker.debian.org/tracker/CVE-2023-2255