CVE-2023-6185 Vulnerability Details

  /     /     /  

CVE-2023-6185 Metadata Quick Info

CVE Published: 11/12/2023 | CVE Updated: 02/12/2024 | CVE Year: 2023
Source: Document Fdn. | Vendor: The Document Foundation | Product: LibreOffice
Status : PUBLISHED

---

CVE-2023-6185 Description

Improper Input Validation vulnerability in GStreamer integration of The Document Foundation LibreOffice allows an attacker to execute arbitrary GStreamer plugins. In affected versions the filename of the embedded video is not sufficiently escaped when passed to GStreamer enabling an attacker to run arbitrary gstreamer plugins depending on what plugins are installed on the target system.

Metrics

CVSS Version: 3.1 | Base Score: 8.3 HIGH
Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:H

l➤ Exploitability Metrics:
    Attack Vector (AV)* ADJACENT_NETWORK
    Attack Complexity (AC)* LOW
    Privileges Required (PR)* LOW
    User Interaction (UI)* REQUIRED
    Scope (S)* CHANGED

l➤ Impact Metrics:
    Confidentiality Impact (C)* LOW
    Integrity Impact (I)* HIGH
    Availability Impact (A)* HIGH

Weakness Enumeration (CWE)

CWE-ID:
CWE Name:
Source: The Document Foundation

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).