CVE-2023-6185
libreoffice - security update
CVSS 3.1: 8.8 (HIGH), EPSS 1.4%
Description
An Improper Input Validation vulnerability in the GStreamer integration of The Document Foundation LibreOffice allows an attacker to execute arbitrary GStreamer plugins. In affected versions, the filename of the embedded video is not sufficiently escaped when it is passed to GStreamer, enabling an attacker to run arbitrary GStreamer plugins, depending on which plugins are installed on the target system.
How to fix CVE-2023-6185
To remediate CVE-2023-6185, upgrade the affected package to a fixed version below.
- —upgrade to 1:7.0.4-4+deb11u8 or later
- —upgrade to 1:7.0.4-4+deb11u8 or later
Is CVE-2023-6185 being exploited?
Low — EPSS is 1.4%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 1:7.0.4-4+deb11u8
- from 0, < 1:7.0.4-4+deb11u8
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 8.8 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |