USN-6546-1

Details

Reginaldo Silva discovered that LibreOffice incorrectly handled filenames when passing embedded videos to GStreamer. If a user were tricked into opening a specially crafted file, a remote attacker could possibly use this issue to execute arbitrary GStreamer plugins. (CVE-2023-6185)

Reginaldo Silva discovered that LibreOffice incorrectly handled certain non-typical hyperlinks. If a user were tricked into opening a specially crafted file, a remote attacker could possibly use this issue to execute arbitrary scripts. (CVE-2023-6186)

Affected Packages

Ubuntu:23.10libreoffice

Fixed in:

4:7.6.4-0ubuntu0.23.10.1

References

REPORThttps://ubuntu.com/security/CVE-2023-6185 REPORThttps://ubuntu.com/security/CVE-2023-6186 ADVISORYhttps://ubuntu.com/security/notices/USN-6546-1

USN-6546-1

Details

Affected Packages

References

Related

Ecosystems

Timeline