CVE-2023-6185
Publication date 11 December 2023
Last updated 4 August 2025
Ubuntu priority
Description
Improper Input Validation vulnerability in GStreamer integration of The Document Foundation LibreOffice allows an attacker to execute arbitrary GStreamer plugins. In affected versions the filename of the embedded video is not sufficiently escaped when passed to GStreamer enabling an attacker to run arbitrary gstreamer plugins depending on what plugins are installed on the target system.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| libreoffice | ||
| 22.04 LTS jammy |
Fixed 1:7.3.7-0ubuntu0.22.04.4
|
|
| 20.04 LTS focal |
Fixed 1:6.4.7-0ubuntu0.20.04.9
|
|
| 18.04 LTS bionic | Ignored end of standard support | |
| 16.04 LTS xenial | Ignored end of standard support | |
| 14.04 LTS trusty | Ignored end of standard support |
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score |
8.8 · High
|
| Attack vector | Network |
| Attack complexity | Low |
| Privileges required | Low |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity impact | High |
| Availability impact | High |
| Vector | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
References
Related Ubuntu Security Notices (USN)
- USN-6546-1
- LibreOffice vulnerabilities
- 11 December 2023
- USN-6546-2
- LibreOffice vulnerabilities
- 14 December 2023