The Document Foundation Announces Vulnerabilities in Libreoffice
The Document Foundation has announced the publication of unsuccessful Corrective issues of the office package Libreoffice 7.6.2 and 7.5.7, which have turned out to be vulnerable in the library Libwebp. The vulnerabilities identified are CVE-2023-4863 and CVE-2023-5129.
Libreoffice, which supports images in the webp format, utilizes code from the library libwebp to process them. The identified vulnerability allows attackers to execute malicious code when processing specially designed data in Libreoffice in Webp format.
This vulnerability in Libwebp doesn’t only affect Libreoffice but also widely used applications such as Chrome, Safari, Firefox, Thunderbird, Discord, Github Desktop, Mattermost, Signal, Edge, Brave, Opera, Slack, Twitch, Visual Studio Code, Android, 1password, and Telegram. These products either use Libwebp, the Chromium engine, or the Electron platform. A prototype exploit is publicly available for testing purposes.
| CVE ID | Vulnerable Products |
|---|---|