{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-6185", "assignerOrgId": "4fe7d05b-1353-44cc-8b7a-1e416936dff2", "state": "PUBLISHED", "assignerShortName": "Document Fdn.", "dateReserved": "2023-11-17T09:15:06.687Z", "datePublished": "2023-12-11T11:52:06.388Z", "dateUpdated": "2024-08-02T08:21:17.741Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "LibreOffice", "vendor": "The Document Foundation", "versions": [{"lessThan": "7.5.9", "status": "affected", "version": "7.5", "versionType": "7.5 series"}, {"lessThan": "7.6.3", "status": "affected", "version": "7.6", "versionType": "7.6 series"}]}], "credits": [{"lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": "Thanks to Reginaldo Silva of ubercomp.com for finding and reporting this issue"}], "datePublic": "2023-12-11T00:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<div>Improper Input Validation vulnerability in GStreamer integration of The Document Foundation LibreOffice allows an attacker to execute arbitrary GStreamer plugins.</div><div>In affected versions the filename of the embedded video is not sufficiently escaped when passed to GStreamer enabling an attacker to run arbitrary gstreamer plugins depending on what plugins are installed on the target system.</div>"}], "value": "Improper Input Validation vulnerability in GStreamer integration of The Document Foundation LibreOffice allows an attacker to execute arbitrary GStreamer plugins.\n\nIn affected versions the filename of the embedded video is not sufficiently escaped when passed to GStreamer enabling an attacker to run arbitrary gstreamer plugins depending on what plugins are installed on the target system.\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "providerMetadata": {"orgId": "4fe7d05b-1353-44cc-8b7a-1e416936dff2", "shortName": "Document Fdn.", "dateUpdated": "2023-12-11T11:52:06.388Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://www.libreoffice.org/about-us/security/advisories/cve-2023-6185"}, {"url": "https://www.debian.org/security/2023/dsa-5574"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QB7UB6CTWQUDOE657OVVRSDYUY3IPBJG/"}, {"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00026.html"}], "source": {"discovery": "UNKNOWN"}, "title": "Improper input validation enabling arbitrary Gstreamer pipeline injection", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T08:21:17.741Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_transferred"], "url": "https://www.libreoffice.org/about-us/security/advisories/cve-2023-6185"}, {"url": "https://www.debian.org/security/2023/dsa-5574", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QB7UB6CTWQUDOE657OVVRSDYUY3IPBJG/", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00026.html", "tags": ["x_transferred"]}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:libreoffice:libreoffice:*:*:*:*:*:*:*:*", "matchCriteriaId": "A3620339-BFEE-459E-937D-7F785CEE9C9F", "versionEndExcluding": "7.5.9", "versionStartIncluding": "7.5.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:libreoffice:libreoffice:*:*:*:*:*:*:*:*", "matchCriteriaId": "65A10E4B-F7DE-4FA8-8ACB-D1A54CCD408E", "versionEndExcluding": "7.6.3", "versionStartIncluding": "7.6.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*", "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*", "matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Improper Input Validation vulnerability in GStreamer integration of The Document Foundation LibreOffice allows an attacker to execute arbitrary GStreamer plugins.\n\nIn affected versions the filename of the embedded video is not sufficiently escaped when passed to GStreamer enabling an attacker to run arbitrary gstreamer plugins depending on what plugins are installed on the target system.\n\n"}, {"lang": "es", "value": "Vulnerabilidad de validaci\u00f3n de entrada incorrecta en la integraci\u00f3n GStreamer de The Document Foundation LibreOffice permite a un atacante ejecutar complementos GStreamer arbitrarios. En las versiones afectadas, el nombre de archivo del v\u00eddeo incrustado no se escapa lo suficiente cuando se pasa a GStreamer, lo que permite a un atacante ejecutar complementos arbitrarios de gstreamer dependiendo de qu\u00e9 complementos est\u00e9n instalados en el sistema de destino."}], "id": "CVE-2023-6185", "lastModified": "2024-11-21T08:43:18.647", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.7, "impactScore": 6.0, "source": "security@documentfoundation.org", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-12-11T12:15:07.037", "references": [{"source": "security@documentfoundation.org", "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00026.html"}, {"source": "security@documentfoundation.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QB7UB6CTWQUDOE657OVVRSDYUY3IPBJG/"}, {"source": "security@documentfoundation.org", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2023/dsa-5574"}, {"source": "security@documentfoundation.org", "tags": ["Vendor Advisory"], "url": "https://www.libreoffice.org/about-us/security/advisories/cve-2023-6185"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00026.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QB7UB6CTWQUDOE657OVVRSDYUY3IPBJG/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2023/dsa-5574"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.libreoffice.org/about-us/security/advisories/cve-2023-6185"}], "sourceIdentifier": "security@documentfoundation.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2024:3304", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "libreoffice-1:5.3.6.1-26.el7_9", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2024-05-23T00:00:00Z"}, {"advisory": "RHSA-2024:1514", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "libreoffice-1:6.4.7.2-16.el8_9", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-03-26T00:00:00Z"}, {"advisory": "RHSA-2024:1512", "cpe": "cpe:/a:redhat:rhel_aus:8.2", "package": "libreoffice-1:6.0.6.1-21.el8_2", "product_name": "Red Hat Enterprise Linux 8.2 Advanced Update Support", "release_date": "2024-03-26T00:00:00Z"}, {"advisory": "RHSA-2024:1512", "cpe": "cpe:/a:redhat:rhel_tus:8.2", "package": "libreoffice-1:6.0.6.1-21.el8_2", "product_name": "Red Hat Enterprise Linux 8.2 Telecommunications Update Service", "release_date": "2024-03-26T00:00:00Z"}, {"advisory": "RHSA-2024:1512", "cpe": "cpe:/a:redhat:rhel_e4s:8.2", "package": "libreoffice-1:6.0.6.1-21.el8_2", "product_name": "Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions", "release_date": "2024-03-26T00:00:00Z"}, {"advisory": "RHSA-2024:1480", "cpe": "cpe:/a:redhat:rhel_aus:8.4", "package": "libreoffice-1:6.4.7.2-16.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "release_date": "2024-03-25T00:00:00Z"}, {"advisory": "RHSA-2024:1480", "cpe": "cpe:/a:redhat:rhel_tus:8.4", "package": "libreoffice-1:6.4.7.2-16.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", "release_date": "2024-03-25T00:00:00Z"}, {"advisory": "RHSA-2024:1480", "cpe": "cpe:/a:redhat:rhel_e4s:8.4", "package": "libreoffice-1:6.4.7.2-16.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", "release_date": "2024-03-25T00:00:00Z"}, {"advisory": "RHSA-2024:1473", "cpe": "cpe:/a:redhat:rhel_eus:8.6", "package": "libreoffice-1:6.4.7.2-16.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Extended Update Support", "release_date": "2024-03-21T00:00:00Z"}, {"advisory": "RHSA-2024:1513", "cpe": "cpe:/a:redhat:rhel_eus:8.8", "package": "libreoffice-1:6.4.7.2-16.el8_8", "product_name": "Red Hat Enterprise Linux 8.8 Extended Update Support", "release_date": "2024-03-26T00:00:00Z"}, {"advisory": "RHSA-2024:1427", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "libreoffice-1:7.1.8.1-12.el9_3", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-03-19T00:00:00Z"}, {"advisory": "RHSA-2024:3835", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "libreoffice-1:7.1.8.1-12.el9_4", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-06-11T00:00:00Z"}, {"advisory": "RHSA-2024:1423", "cpe": "cpe:/a:redhat:rhel_eus:9.0", "package": "libreoffice-1:7.1.8.1-12.el9_0", "product_name": "Red Hat Enterprise Linux 9.0 Extended Update Support", "release_date": "2024-03-19T00:00:00Z"}, {"advisory": "RHSA-2024:1425", "cpe": "cpe:/a:redhat:rhel_eus:9.2", "package": "libreoffice-1:7.1.8.1-12.el9_2", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2024-03-19T00:00:00Z"}], "bugzilla": {"description": "libreoffice: Improper Input Validation leading to arbitrary gstreamer plugin execution", "id": "2254003", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254003"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.3", "cvss3_scoring_vector": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:H", "status": "verified"}, "cwe": "CWE-250", "details": ["Improper Input Validation vulnerability in GStreamer integration of The Document Foundation LibreOffice allows an attacker to execute arbitrary GStreamer plugins.\nIn affected versions the filename of the embedded video is not sufficiently escaped when passed to GStreamer enabling an attacker to run arbitrary gstreamer plugins depending on what plugins are installed on the target system.", "An improper input validation vulnerability was found in LibreOffice. In versions where filenames are not sufficiently escaped, an attacker can execute arbitrary GStreamer plugins."], "name": "CVE-2023-6185", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "libreoffice", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "libreoffice:flatpak/libreoffice", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Will not fix", "package_name": "libreoffice:flatpak/libreoffice", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2023-12-11T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-6185\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-6185\nhttps://www.libreoffice.org/about-us/security/advisories/cve-2023-6185"], "threat_severity": "Important", "upstream_fix": "LibreOffice 7.5.9, LibreOffice 7.6.4"}