gsd-2023-6185
Vulnerability from gsd
Modified
2023-12-13 01:20
Details
Improper Input Validation vulnerability in GStreamer integration of The Document Foundation LibreOffice allows an attacker to execute arbitrary GStreamer plugins. In affected versions the filename of the embedded video is not sufficiently escaped when passed to GStreamer enabling an attacker to run arbitrary gstreamer plugins depending on what plugins are installed on the target system.
Aliases
Aliases



{
  "GSD": {
    "alias": "CVE-2023-6185",
    "id": "GSD-2023-6185"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2023-6185"
      ],
      "details": "Improper Input Validation vulnerability in GStreamer integration of The Document Foundation LibreOffice allows an attacker to execute arbitrary GStreamer plugins.\n\nIn affected versions the filename of the embedded video is not sufficiently escaped when passed to GStreamer enabling an attacker to run arbitrary gstreamer plugins depending on what plugins are installed on the target system.\n\n",
      "id": "GSD-2023-6185",
      "modified": "2023-12-13T01:20:32.756582Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security@documentfoundation.org",
        "ID": "CVE-2023-6185",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "LibreOffice",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "7.5",
                          "version_value": "7.5.9"
                        },
                        {
                          "version_affected": "\u003c",
                          "version_name": "7.6",
                          "version_value": "7.6.3"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "The Document Foundation"
            }
          ]
        }
      },
      "credits": [
        {
          "lang": "en",
          "value": "Thanks to Reginaldo Silva of ubercomp.com for finding and reporting this issue"
        }
      ],
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Improper Input Validation vulnerability in GStreamer integration of The Document Foundation LibreOffice allows an attacker to execute arbitrary GStreamer plugins.\n\nIn affected versions the filename of the embedded video is not sufficiently escaped when passed to GStreamer enabling an attacker to run arbitrary gstreamer plugins depending on what plugins are installed on the target system.\n\n"
          }
        ]
      },
      "generator": {
        "engine": "Vulnogram 0.1.0-dev"
      },
      "impact": {
        "cvss": [
          {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:H",
            "version": "3.1"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.libreoffice.org/about-us/security/advisories/cve-2023-6185",
            "refsource": "MISC",
            "url": "https://www.libreoffice.org/about-us/security/advisories/cve-2023-6185"
          },
          {
            "name": "https://www.debian.org/security/2023/dsa-5574",
            "refsource": "MISC",
            "url": "https://www.debian.org/security/2023/dsa-5574"
          },
          {
            "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QB7UB6CTWQUDOE657OVVRSDYUY3IPBJG/",
            "refsource": "MISC",
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QB7UB6CTWQUDOE657OVVRSDYUY3IPBJG/"
          },
          {
            "name": "https://lists.debian.org/debian-lts-announce/2023/12/msg00026.html",
            "refsource": "MISC",
            "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00026.html"
          }
        ]
      },
      "source": {
        "discovery": "UNKNOWN"
      }
    },
    "nvd.nist.gov": {
      "cve": {
        "configurations": [
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:a:libreoffice:libreoffice:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "A3620339-BFEE-459E-937D-7F785CEE9C9F",
                    "versionEndExcluding": "7.5.9",
                    "versionStartIncluding": "7.5.0",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:libreoffice:libreoffice:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "65A10E4B-F7DE-4FA8-8ACB-D1A54CCD408E",
                    "versionEndExcluding": "7.6.3",
                    "versionStartIncluding": "7.6.0",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          },
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
                    "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          },
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          }
        ],
        "descriptions": [
          {
            "lang": "en",
            "value": "Improper Input Validation vulnerability in GStreamer integration of The Document Foundation LibreOffice allows an attacker to execute arbitrary GStreamer plugins.\n\nIn affected versions the filename of the embedded video is not sufficiently escaped when passed to GStreamer enabling an attacker to run arbitrary gstreamer plugins depending on what plugins are installed on the target system.\n\n"
          },
          {
            "lang": "es",
            "value": "Vulnerabilidad de validaci\u00f3n de entrada incorrecta en la integraci\u00f3n GStreamer de The Document Foundation LibreOffice permite a un atacante ejecutar complementos GStreamer arbitrarios. En las versiones afectadas, el nombre de archivo del v\u00eddeo incrustado no se escapa lo suficiente cuando se pasa a GStreamer, lo que permite a un atacante ejecutar complementos arbitrarios de gstreamer dependiendo de qu\u00e9 complementos est\u00e9n instalados en el sistema de destino."
          }
        ],
        "id": "CVE-2023-6185",
        "lastModified": "2023-12-31T14:15:42.193",
        "metrics": {
          "cvssMetricV31": [
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "exploitabilityScore": 2.8,
              "impactScore": 5.9,
              "source": "nvd@nist.gov",
              "type": "Primary"
            },
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:H",
                "version": "3.1"
              },
              "exploitabilityScore": 1.7,
              "impactScore": 6.0,
              "source": "security@documentfoundation.org",
              "type": "Secondary"
            }
          ]
        },
        "published": "2023-12-11T12:15:07.037",
        "references": [
          {
            "source": "security@documentfoundation.org",
            "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00026.html"
          },
          {
            "source": "security@documentfoundation.org",
            "tags": [
              "Mailing List",
              "Third Party Advisory"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QB7UB6CTWQUDOE657OVVRSDYUY3IPBJG/"
          },
          {
            "source": "security@documentfoundation.org",
            "tags": [
              "Third Party Advisory"
            ],
            "url": "https://www.debian.org/security/2023/dsa-5574"
          },
          {
            "source": "security@documentfoundation.org",
            "tags": [
              "Vendor Advisory"
            ],
            "url": "https://www.libreoffice.org/about-us/security/advisories/cve-2023-6185"
          }
        ],
        "sourceIdentifier": "security@documentfoundation.org",
        "vulnStatus": "Modified",
        "weaknesses": [
          {
            "description": [
              {
                "lang": "en",
                "value": "NVD-CWE-noinfo"
              }
            ],
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ]
      }
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading...

Loading...

Loading...
  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.