Mageia 8: MGASA-2023-0194 Critical: LibreOffice Array Issues
mageia
June 8, 2023
Improper Validation of Array Index vulnerability in the spreadsheet component of The Document Foundation LibreOffice allows an attacker to craft a spreadsheet document that will ca...
Summary
Improper Validation of Array Index vulnerability in the spreadsheet
component of The Document Foundation LibreOffice allows an attacker to
craft a spreadsheet document that will cause an array index underflow when
loaded. In the affected versions of LibreOffice certain malformed
spreadsheet formulas, such as AGGREGATE, could be created with less
parameters passed to the formula interpreter than it expected, leading to
an array index underflow, in which case there is a risk that arbitrary
code could be executed. (CVE-2023-0950)
Improper access control in editor components of The Document Foundation
LibreOffice allowed an attacker to craft a document that would cause
external links to be loaded without prompt. In the affected versions of
LibreOffice documents that used "floating frames" linked to external
files, would load the contents of those frames without prompting the user
for permission to do so. This was inconsistent with the treatment of other
linked content in LibreOffice. (C...
References
- https://bugs.mageia.org/show_bug.cgi?id=31964
-
-
- https://www.cve.org/CVERecord?id=CVE-2023-0950
- https://www.cve.org/CVERecord?id=CVE-2023-2255
Resolution
SRPMS
- 8/core/libreoffice-7.4.5.1-1.1.mga8
PREVIOUS 
NEXT Severity
critical
Lowest
Low
Medium
High
Critical
Publication date: 08 Jun 2023
URL: https://advisories.mageia.org/MGASA-2023-0194.html
Type: security
CVE: CVE-2023-0950, CVE-2023-2255
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!